摘要
基于Peer-list的混合型P2P僵尸网络代表了一类高级僵尸网络形态,这种僵尸网络的优势是可抵抗传统P2P僵尸网络易受的索引污染(Index Poisoning)攻击和女巫(Sybil)攻击,然而却引入了新的问题——易受Peer-list污染攻击。本文提出一种新颖的混合P2P僵尸网络设计模型,在僵尸网络构建和Peer-list更新的整个生命周期中引入信誉机制,使得Peer-list污染攻击难以发挥作用。实验证明该模型具备很强的抗污染能力和很高的健壮性,因此对网络安全防御造成了新的威胁。最后,我们提出了若干可行的防御方法。本文旨在增加防御者对高级僵尸网络的理解,以促进更有效的网络防御。
Peer-list exchanging based hybrid P2P botnets, which are naturally robust in topology structure and immune to Index Poisoning and Sybil attacks, represent one of the most sophisticated botnets. However, such kinds of botnets are generally vulnerable to Peer-list pollution attack. In this paper, we present a novel hybrid botnet design, which aims to verify the possibility of developing a pollution resilient hybrid P2P botnet. The proposed botnet introduces a reputation-based mechanism into the whole lifecycle of Peer-list constructing and updating, making pollution attack extremely difficult, even using thousands of coordinated polluters simultaneously. We evaluated the proposed botnet under mitigation condition; and the experiments result show that such kind of advanced botnet is feasible, consequently posing a great challenge to security defenders. At last, we suggest some possible countermeasures to defend against such an advanced botnet. The ultimate goal of our work is to increase the understanding of the emerging advanced botnets, which will promote the development of more efficient countermeasures.
作者
尹捷
崔翔
方滨兴
衣龙浩
张方娇
YIN Jie;CUI Xiang;FANG Binxing;YI Longhao;ZHANG Fangjiao(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China;Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan Guangdong 523808, China)
出处
《信息安全学报》
CSCD
2018年第1期68-82,共15页
Journal of Cyber Security
基金
国家重点研发计划No.2016QY08D1602
东莞市引进创新科研团队计划(项目编号:201636000100038)资助
