
MRRbot: A Multi-Role and Redundancy-Based P2P Botnet Model (cited by: 3)
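Abstract (translated from the Chinese): Defenses against existing botnets have achieved considerable success, but botnets keep evolving, especially as tri-network integration advances, and this poses new challenges for defenders. It is therefore necessary to predict future botnets in order to respond in time. This paper proposes a multi-role P2P botnet model based on a redundancy mechanism (MRRbot). The model introduces fake bots, which can to a large extent verify the software and hardware environment of bots and enhance their credibility and pertinence. It adopts an information redundancy mechanism and a service-bot selection algorithm so that bots can access service bots in a balanced and efficient way, improving the robustness and invulnerability of the command and control channel. The controllability, timeliness and invulnerability of MRRbot are analyzed theoretically and evaluated experimentally, and its robustness is compared with previous work. The results show that MRRbot can publish commands efficiently and resist defenses effectively, making it more threatening. Possible defense strategies are discussed, and a defense system based on a volunteer network is proposed.

Abstract (English, as published): As common platforms of cyber attacks, botnets cause great damage and bring serious threats. Though the defenses against current botnets are effective, botnets' evolution gives defenders a big challenge, which is worse with the development of tri-network integration. Therefore, it is indispensable to predict future botnets for timely defense. In this paper, we summarize the weaknesses of existing botnets, and present the design of a multi-role and redundancy-based P2P botnet model (MRRbot). In this model, fake bots are created to be an important role that can help enhance bots' credibility and pertinence, and a redundancy mechanism and a selection algorithm are designed to improve the invisibility and robustness of the command and control channel. Furthermore, MRRbot is analyzed and evaluated on its controllability, efficiency, invulnerability, and its robustness is compared with others' previous work. Both theoretical analysis and experimental results demonstrate that MRRbot's botmasters can quickly publish commands to each bot with the probability close to 100%, even suffering effective defenses. MRRbot is more dangerous with high controllability, efficiency, robustness and invulnerability, which is likely to be adopted by attackers in the future. Finally, a defense system against this advanced botnet, which is based on the volunteer network, is suggested.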
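Source: Journal of Computer Research and Development (《计算机研究与发展》; indexed in EI, CSCD, Peking University Core), 2011, No. 8, pp. 1488-1496 (9 pages)
Funding: National Natural Science Foundation of China (61003261); National High Technology Research and Development Program of China ("863" Program) (2007AA010501)
Keywords: network security; botnet; command and control; redundancy; multi-role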