P2P僵尸网络跨域体系结构的构建与评估

doi:10.3969/j.issn.0372-2112.2018.04.004

电子学报 ›› 2018, Vol. 46 ›› Issue (4): 791-796.DOI: 10.3969/j.issn.0372-2112.2018.04.004

P2P僵尸网络跨域体系结构的构建与评估

庹宇鹏^1,2, 张永铮^1,2, 尹涛^1,2

1. 中国科学院信息工程研究所, 北京 100093;
2. 中国科学院大学网络空间安全学院, 北京 100049

收稿日期:2016-09-19 修回日期:2017-04-18 出版日期:2018-04-25
- 通讯作者:
- 张永铮
- 作者简介:
- 庹宇鹏 男,1984年出生,河北廊坊人,中国科学院信息工程研究所助理研究员,主要研究方向为网络异常检测、移动互联网大数据挖掘.E-mail:tuoyupeng@iie.ac.cn
- 基金资助:
- 国家自然科学基金 (No.61572496）

Modeling and Evaluating a Cross-Realm Architecture for P2P Botnet

TUO Yu-peng^1,2, ZHANG Yong-zheng^1,2, YIN Tao^1,2

1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China

Received:2016-09-19 Revised:2017-04-18 Online:2018-04-25 Published:2018-04-25
- Corresponding author:
- ZHANG Yong-zheng
- Supported by:
- National Natural Science Foundation of China (No.61572496)

摘要/Abstract

摘要： 针对现有P2P僵尸网络抗追踪性较差的问题，提出了一种P2P僵尸网络跨域体系结构（CRA）.CRA将僵尸主机间的通信严格限制在不同的域之间，并引入IP伪造技术隐藏通信的源IP.考虑到监控全球互联网的不可行性以及IP溯源的困难性，现实中防御者将很难对CRA展开追踪.模拟实验结果表明，较之当前主流的P2P僵尸网络体系结构，CRA具备更好的抗追踪性和鲁棒性.

关键词: 僵尸网络, 体系结构, 跨域, IP伪造, 抗追踪

Abstract:

To construct a tracking-resistant P2P botnet, a Cross-Realm Architecture (CRA) was proposed. CRA strictly restricts bots' interactions across different realms and hides the origins of bots' interactions by IP spoofing. Considering the infeasibility of monitoring the global Internet and the difficulty of IP traceback, it is very hard for defenders to track CRA in the real world. The simulation results show that compared to recent popular P2P botnet architectures, CRA has better anti-tracking performance and robustness.

Key words: botnet, architecture, cross-realm, IP spoofing, anti-tracking

中图分类号:

TP393.08

庹宇鹏, 张永铮, 尹涛. P2P僵尸网络跨域体系结构的构建与评估[J]. 电子学报, 2018, 46(4): 791-796.

TUO Yu-peng, ZHANG Yong-zheng, YIN Tao . Modeling and Evaluating a Cross-Realm Architecture for P2P Botnet[J]. Acta Electronica Sinica, 2018, 46(4): 791-796.

参考文献

[1] Yu S,Guo S,Stojmenovic I.Can we beat legitimate cyber behavior mimicking attacks from botnets?[A].INFOCOM 2012[C].USA:IEEE,2012.2851-2855.
[2] Nadji Y,Antonakakis M,Perdisci R,et al.Beheading hydras:performing effective botnet takedowns[A].Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security[C].ACM,2013.121-132.
[3] Coskun B,Dietrich S,Memon N.Friends of an enemy:identifying local members of peer-to-peer botnets using mutual contacts[A].Proceedings of the 26th Annual Computer Security Applications Conference[C].ACM,2010.131-140.
[4] François J,Wang S,State R,et al.BotTrack:tracking botnets using NetFlow and PageRank[J].NETWORKING,2011,2011:1-14.
[5] Nagaraja S,Mittal P,Hong C Y,et al.BotGrep:Finding P2P Bots with Structured Graph Analysis[A].USENIX Security Symposium[C].ACM,2010.95-110.
[6] Brin S,Page L.The PageRank citation ranking:bringing order to the Web[R].Stanford Infolab,2006.
[7] Gkantsidis C,Mihail M,Saberi A.Random walks in peer-to-peer networks[A].INFOCOM 2004[C].IEEE,2004.1-12.
[8] Borisov N.Anonymous routing in structured peer-to-peer overlays[D].University of California,Berkeley,2005.
[9] Aspnes J,Wieder U.The expansion and mixing time of skip graphs with applications[A].Proceedings of the 17th Annual ACM Symposium on Parallelism in Algorithms and Architectures[C].ACM,2005.126-134.
[10] Zhong M,Shen K,Seiferas J.Non-uniform random membership management in peer-to-peer networks[A].INFOCOM 2005[C].IEEE,2005.1151-1161.
[11] Golovanov S,Soumenkov I.TDL4 top bot[R].Kaspersky Lab Analysis,2011.
[12] Neville A,Gibb R.Zeroaccess indepth[R].Symantec Security Response,2013.
[13] Stone-Gross B.The lifecycle of peer-to-peer (gameover) zeus[R].Dell Secure Works,2012.
[14] Kerkers M,Santanna J J,Sperotto A.Characterisation of the Kelihos.B Botnet[A].IFIP International Conference on Autonomous Infrastructure,Management and Security[C].Springer,2014.79-91.
[15] International Organization for Standardization (ISO) 3166-1[EB/OL].https://en.wikipedia.org/wiki/ISO_3166-1,2017-4-19.
[16] Ripeanu M.Peer-to-peer architecture case study:Gnutella network[A].Proceedings of First International Conference on Peer-to-Peer Computing[C].IEEE,2001.99-100.
[17] Leskovec J,Krevl A.SNAP Datasets:Stanford large network dataset collection (2014)[OL].http://snap.stanford.edu/data.
[18] Maymounkov P,Mazieres D.Kademlia:A peer-to-peer information system based on the xor metric[A].International Workshop on Peer-to-Peer Systems[C].Springer,2002.53-65.
[19] Montresor A,Jelasity M.PeerSim:A scalable P2P simulator[A].Ninth International Conference on Peer-to-Peer Computing 2009[C].IEEE,2009.99-100.

P2P僵尸网络跨域体系结构的构建与评估

Modeling and Evaluating a Cross-Realm Architecture for P2P Botnet

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	梁顺攀, 刘伟, 郑智中, 原福永. 基于方面和胶囊网络的跨域评分预测模型[J]. 电子学报, 2022, 50(9): 2102-2109.
[2]	成元虎, 黄立波, 崔益俊, 马胜, 王永文, 隋兵才. 基于RISC-V的嵌入式多指令集处理器设计及实现[J]. 电子学报, 2021, 49(11): 2081-2089.
[3]	罗睿辞, 叶蔚, 刘学洋, 孙基男, 张世琨. 基于拥塞博弈的微服务运行时资源管理方法[J]. 电子学报, 2019, 47(7): 1497-1505.
[4]	邹耀斌, 乔焰, 孙水发, 臧兆祥, 夏平, 王俊英, 董方敏, 龚国强. 边缘引导和轮廓约束下的跨域香农熵最大化导向的自动阈值选取方法[J]. 电子学报, 2019, 47(12): 2495-2504.
[5]	马晓婷, 马文平, 刘小雪. 基于区块链技术的跨域认证方案[J]. 电子学报, 2018, 46(11): 2571-2579.
[6]	周彦伟, 杨波, 张文政. 普适计算环境下的安全访问模型[J]. 电子学报, 2017, 45(4): 959-965.
[7]	朱玉飞, 戴紫彬, 徐进辉, 李功丽. 流体系结构密码处理器存储系统的研究与设计[J]. 电子学报, 2017, 45(12): 2957-2964.
[8]	林闯. 计算机体系结构的层次设计:来自易经模型的视角[J]. 电子学报, 2017, 45(11): 2569-2574.
[9]	王寿成, 李功丽, 严迎建, 徐进辉. 面向分组密码的四维度并行处理架构研究[J]. 电子学报, 2017, 45(10): 2457-2463.
[10]	李焱, 郑亚松, 李婧, 朱春鸽, 刘欣然. 云环境下面向跨域作业的调度方法[J]. 电子学报, 2017, 45(10): 2416-2424.
[11]	林闯. 计算机体系结构设计原理的易经模型[J]. 电子学报, 2016, 44(8): 1777-1783.
[12]	邢驰, 李伯虎. Infiniband网络架构下RTI通信机制研究[J]. 电子学报, 2016, 44(2): 327-333.
[13]	倪友聪, 叶鹏, 杜欣, 陈明, 肖如良. 一种基于规则的软件体系结构层性能演化优化方法[J]. 电子学报, 2016, 44(11): 2688-2694.
[14]	张伟功, 周继芹, 李杰, 王晶, 丁瑞, 邓哲, 王嘉佳, 杜瑞. UM-BUS总线及接入式体系结构[J]. 电子学报, 2015, 43(9): 1776-1785.
[15]	张文芳, 王小敏, 郭伟, 何大可. 基于椭圆曲线密码体制的高效虚拟企业跨域认证方案[J]. 电子学报, 2014, 42(6): 1095-1102.