
Secure controlling method for scalable botnets
Abstract: Botnets are one of the main threats to the Internet. Currently, botnets can expand across the whole world due to the variety of network services, pervasive security vulnerabilities and the massive deployment of networked devices, e.g., Internet of Things (IoT) devices. Future botnets will become more cross-platform and stealthy, which introduces severe security risks to cyberspace. Therefore, in-depth research on botnets themselves can offer study targets for corresponding defensive studies, which is very meaningful for designing an architecture to secure the next-generation cyberspace. Hence, an HTTP-based scalable botnet framework was proposed to address the problems of compatibility, stealthiness and security. Specifically, the framework adopted a centralized controlling model. Moreover, it used HTTP as the botnet's communication protocol and block encryption mechanisms based on symmetric cryptography to protect the botnet's communication contents. Furthermore, a secure control mechanism for multi-platform botnets was designed. In particular, the proposed mechanism utilized source-level code integration and cross-compilation techniques to solve the compatibility challenge. It also introduced encrypted communication with dynamic secret keys to overcome the drawbacks of network traffic regularity and ease of analysis in traditional botnets. Moreover, it designed server migration and reconnection mechanisms to address the single-point-of-failure weakness of centralized botnet models and thereby improve the botnet's survival rate. Simulation results in three experimental scenarios with different levels of botnet controllability show that there is a linear relationship between the size of a botnet and the service overhead of the related command and control (C&C) servers. In addition, under the condition of the same botnet scale, a higher level of controllability introduces a higher throughput and a greater system overhead. The above results demonstrate the effectiveness and the practical feasibility of the proposed method.
Authors: LIU Qiang; LI Pengfei; FU Zhangjie (College of Computer, National University of Defense Technology, Changsha 410073, China; School of Computer & Software, Nanjing University of Information Science & Technology, Nanjing 210044, China)
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2023, Issue 1, pp. 42-55, 14 pages in total
Funding: Natural Science Foundation of Hunan Province (2021JJ30779).
Keywords: botnet; secure control; multi-platform architecture; advanced encryption standard