A Pollution-resilient Hybrid P2P Botnet
YIN Jie, CUI Xiang, FANG Binxing, YI Longhao, ZHANG Fangjiao
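(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan, Guangdong 523808, China)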
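Abstract:
Peer-list based hybrid P2P botnets represent a class of advanced botnets. Their advantage is that they resist the Index Poisoning and Sybil attacks to which traditional P2P botnets are susceptible, but they introduce a new problem: they are vulnerable to Peer-list pollution attacks. This paper proposes a novel hybrid P2P botnet design model that introduces a reputation mechanism into the whole lifecycle of botnet construction and Peer-list updating, so that Peer-list pollution attacks have difficulty taking effect. Experiments show that the model has strong pollution resistance and high robustness, and it therefore poses a new threat to network security defense. Finally, we propose several feasible defense methods. This paper aims to increase defenders' understanding of advanced botnets in order to promote more effective network defense.
Key words:  P2P botnet  Hybrid botnet  Peer-list  Pollution attack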
DOI:10.19363/j.cnki.cn10-1380/tn.2018.01.005
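Received: 2017-09-25  Last revised: 2017-11-13
Funding: This work was supported by the National Key R&D Program of China (No. 2016QY08D1602) and the Dongguan Program for Introducing Innovative Research Teams (project No. 201636000100038).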
A Pollution-resilient Hybrid P2P Botnet
YIN Jie,CUI Xiang,FANG Binxing,YI Longhao,ZHANG Fangjiao
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China;Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China;Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan Guangdong 523808, China
Abstract:
Hybrid P2P botnets based on Peer-list exchange, which are naturally robust in topology and immune to Index Poisoning and Sybil attacks, are among the most sophisticated botnets. However, such botnets are generally vulnerable to Peer-list pollution attacks. In this paper, we present a novel hybrid botnet design that aims to verify the possibility of developing a pollution-resilient hybrid P2P botnet. The proposed botnet introduces a reputation-based mechanism into the whole lifecycle of Peer-list construction and updating, making pollution attacks extremely difficult, even when thousands of coordinated polluters are used simultaneously. We evaluated the proposed botnet under mitigation conditions, and the experimental results show that this kind of advanced botnet is feasible, consequently posing a great challenge to security defenders. Finally, we suggest some possible countermeasures to defend against such an advanced botnet. The ultimate goal of our work is to increase the understanding of emerging advanced botnets, which will promote the development of more efficient countermeasures.
Key words:  P2P botnet  Hybrid botnet  Peer-list  Pollution attack