摘要
近年来,从传统蠕虫和木马发展形成的僵尸网络逐渐成为攻击者手中最有效的攻击平台,甚至可以成为网络战的武器,因此,关注僵尸网络已有研究成果与发展趋势都十分必要.将僵尸网络的发展历程概括为5个阶段,分析各阶段特点和代表性僵尸网络.对僵尸网络进行形式化定义并依据命令控制信道拓扑结构将其划分为4类.同时,将当前僵尸网络研究热点归纳为检测、追踪、测量、预测和对抗5个环节,分别介绍各环节的研究状况,并对每个环节的研究进展进行归纳和分析.通过研究僵尸网络在攻防对抗中的演进规律,提取僵尸网络存在的不可绕过的脆弱性.最后,综合分析当前僵尸网络研究现状,并展望僵尸网络发展趋势.
In recent years, botnets, evolving from traditional worms and Trojans, have become one of the most effective platforms for many Internet attacks. Botnets have even become a powerful weapon for cyberwarfare. Therefore, as defenders, we should pay more attention to botnets--both current research findings and their evolution trends. In this paper, we divide the evolution of botnets into five phases and analyze their characteristics and corresponding representative botnets in each phase. To describe bothers unambiguously, we define bothers formally and classify bothers into four classes based on topology structures. In order to have an overall perspective of current research works, we divide them into five fields: detection, tracking, measurement, prediction, countermeasures, and analyze each field in detail. Based on the comprehensive study of the development law of botnet attacks and defense, we exact several inescapable weaknesses inside botnets, which could be exploited to defend against botnets. To conclude the paper, we suggest possible countermeasures against botnets and predict possible evolution trends of botnets.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2011年第8期1315-1331,共17页
Journal of Computer Research and Development
基金
国家"九七三"重点基础研究计划基金项目(2007CB311100)
国家自然科学基金项目(61070186
61070026)
