摘要
对现有僵尸网络的防御已取得很大成效,但僵尸网络不断演变进化,尤其在三网融合不断推进的背景下,这给防御者带来新的挑战.因此,预测未来僵尸网络以及时应对,非常必要.提出了一种基于冗余机制的多角色P2P僵尸网络模型(MRRbot),该模型引入虚壳僵尸终端,能够很大程度上验证僵尸终端的软硬件环境,增强其可信度和针对性;采用信息冗余机制和服务终端遴选算法,使僵尸终端能够均衡、高效地访问服务终端,提高命令控制信道的健壮性和抗毁性.对MRRbot的可控性、时效性和抗毁性进行了理论分析和实验评估,并就其健壮性与前人工作进行了比较.结果表明,MRRbot能够高效下发指令,有效对抗防御,更具威胁.探讨了可能的防御策略,提出基于志愿者网络的防御体系.
As common platforms of cyber attacks, botnets cause great damage and bring serious threats. Though the defenses against current botnets are effective, botnets' evolution gives defenders a big challenge, which is worse with the development of tri-network integration. Therefore, it is indispensable to predict future botnets for timely defense. In this paper, we summarize the weaknesses of existing botnets, and present the design of a mutli-role and redundancy-based P2P hornet model (MRRbot). In this model, fake bots are created to be an important role that can help enhance bots' credibility and pertinence, and a redundancy mechanism and a selection algorithm are designed to improve the invisibility and robustness of the command and control channel. Furthermore, MRRbot is analyzed and evaluated on its controllability, efficiency, invulnerability, and its robustness is compared with others previous work. Both theoretical analysis and experimental results demonstrate that MRRbot's botmasters can quickly publish commands to each hot with the probability close to 100%, even suffering effective defenses. MRRbot is more dangerous with high controllability, efficiency, robustness and invulnerability, which is likely to be adopted by attackers in the future. Finally, a defense system against this advanced botnet, which is based on the volunteer network, is suggested.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2011年第8期1488-1496,共9页
Journal of Computer Research and Development
基金
国家自然科学基金项目(61003261)
国家"八六三"高技术研究发展计划基金项目(2007AA010501)