Acta Electronica Sinica ›› 2018, Vol. 46 ›› Issue (4): 791-796. DOI: 10.3969/j.issn.0372-2112.2018.04.004

• Academic Paper •

Construction and Evaluation of a Cross-Realm Architecture for P2P Botnets

TUO Yu-peng1,2, ZHANG Yong-zheng1,2, YIN Tao1,2

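  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093;
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
  • Received: 2016-09-19 Revised: 2017-04-18 Published: 2018-04-25
    • Corresponding author:
    • ZHANG Yong-zheng
    • About the author:
    • TUO Yu-peng, male, born in 1984 in Langfang, Hebei, is an assistant researcher at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests are network anomaly detection and mobile Internet big data mining. E-mail: tuoyupeng@iie.ac.cn
    • Funding:
    • National Natural Science Foundation of China (No.61572496)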

Modeling and Evaluating a Cross-Realm Architecture for P2P Botnet

TUO Yu-peng1,2, ZHANG Yong-zheng1,2, YIN Tao1,2   

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2016-09-19 Revised: 2017-04-18 Online: 2018-04-25 Published: 2018-04-25
    • Corresponding author:
    • ZHANG Yong-zheng
    • Supported by:
    • National Natural Science Foundation of China (No.61572496)

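Abstract: To address the poor tracking resistance of existing P2P botnets, this paper proposes a Cross-Realm Architecture (CRA) for P2P botnets. CRA strictly confines communication between bots to hosts in different realms and uses IP spoofing to hide the source IP of that communication. Given the infeasibility of monitoring the global Internet and the difficulty of IP traceback, defenders would find it very hard to track CRA in practice. Simulation results show that, compared with the currently mainstream P2P botnet architectures, CRA offers better tracking resistance and robustness.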

Keywords: botnet, architecture, cross-realm, IP spoofing, anti-tracking

Abstract:

To construct a tracking-resistant P2P botnet, a Cross-Realm Architecture (CRA) was proposed. CRA strictly restricts bots' interactions to take place only between different realms and hides the origins of those interactions by IP spoofing. Considering the infeasibility of monitoring the global Internet and the difficulty of IP traceback, it is very hard for defenders to track CRA in the real world. The simulation results show that, compared with recent popular P2P botnet architectures, CRA has better anti-tracking performance and robustness.

Key words: botnet, architecture, cross-realm, IP spoofing, anti-tracking
