摘要
僵尸网络是一种复杂、灵活、高效的网络攻击平台,在互联网中分布非常广泛.僵尸网络使攻击者具备了实施大规模恶意活动的能力,如发送垃圾邮件、发动分布式拒绝服务攻击等.由于其危害日益严重,僵尸网络已经成为网络安全研究的热点之一.但是近年来,僵尸网络新的发展、变化,突破了以往对僵尸网络的认知.文中分析僵尸网络的现有研究,对僵尸网络进行了重新定义,并从网络结构、网络独立性和信息传递方式等角度对僵尸网络的类型进行了划分;然后,梳理了僵尸网络检测技术、测量技术和反制技术等方面的工作;最后,给出了僵尸网络的演化趋势和未来研究方向.
As a complex, flexible and effective platform for network attacking, the botnet spreads widely in the Internet. Botnets can provide the botmasters with the ability to launch large-scale malicious activities such as spamming and DDoS (Distributed Denial of Service) attacks. Botnets are continuously bringing more and more severe threats, so that the study on hotnets has already become one of the focuses in the field of network security. However, in recent years, some new developments of botnets are challenging the existing understanding on botnets. In this paper, according to the new conditions of botnets and the researches in existence, a definition of botnet is proposed based on the works of other researchers, taxonomies of botnets are introduced respectively from the views of network structure, dependency and delivery pattern of C&C (Command and Control) information. Then the techniques on detecting, measuring and restraining botnets are analyzed systematically. In the end, we give the evolution trends of botnets and the future research trends in this area.
出处
《计算机学报》
EI
CSCD
北大核心
2012年第6期1192-1208,共17页
Chinese Journal of Computers
基金
国家"九七三"重点基础研究发展规划项目基金"高效可信的虚拟计算环境基础研究"(2011CB302600)
国家自然科学基金"大型分布式软件系统的行为监控与可信演化"(90818028)
国家杰出青年科学基金(60625203)资助~~