基于Challenge策略的大规模恶意P2P僵尸节点检测技术

doi:10.3969/j.issn.1000-3428.2016.10.028

计算机工程

基于Challenge策略的大规模恶意P2P僵尸节点检测技术

李景¹,姚一杨 ²,卢新岱¹,乔勇 ³

(1.国家电网浙江省电力公司电力科学研究院,杭州 310000; 2.国家电网浙江省电力公司信息通信分公司,杭州 310000; 3.国防科学技术大学计算机科学与技术学院,长沙 410073)

收稿日期:2015-06-17 出版日期:2016-10-15 发布日期:2016-10-15
作者简介:李景(1983—),男,工程师、硕士,主研方向为信息安全;姚一杨,工程师、硕士;卢新岱,工程师;乔勇(通讯作者),高级工程师、博士。
基金资助:
浙江省杰出青年基金资助项目(LR14F020003)。

Large-scale Malicious P2P Botnet Node Detection Technology Based on Challenge Strategy

LI Jing¹,YAO Yiyang²,LU Xindai ¹,QIAO Yong³

(1.Electric Power Research Institute,State Grid Zhejiang Electric Power Company,Hangzhou 310000,China; 2.Information Telecommunication Branch,State Grid Zhejiang Electric Power Company,Hangzhou 310000,China; 3.College of Computer Science and Technology,National University of Defense Technology,Changsha 410073,China)

Received:2015-06-17 Online:2016-10-15 Published:2016-10-15

摘要/Abstract

摘要： 传统僵尸网络检测技术主要考虑在主机上或者某一个网关出口的边界处检测特点区域网内的僵尸节点,规模较小,检测效率较低。为了在更大范围内进行有效的对等网络(P2P)僵尸节点检测,提出基于Challenge的探测P2P网络中所寄生的恶意僵尸节点的策略。仿真实验结果表明,在超过400万个节点的KAD网络中,该检测技术可以检测到3 000个~9 000个寄生型P2P僵尸节点,能够估算KAD网络中可能存在的寄生型僵尸节点数目,对后续防御对象的精准定位和防御措施的准确设计具有参考作用。

关键词: Challenge策略, 僵尸网络, 对等网络, 爬虫, 分布式哈希表, 恶意节点

Abstract: Traditional botnet detection technologies mainly detect botnet nodes in specified area network on the hosts or the border of gateway export,which have small scale and low detection efficiency.To efficiently execute Peer-to-Peer(P2P) network botnet node detection in a larger range,this paper proposes a strategy to detect malicious botnet node parasitism in P2P network based on Challenge.Simulation results show that in KAD network including more than 4 million nodes,the detection technology can detect 3 000 to 9 000 parasitic P2P botnet nodes.It can estimate the number of possible parasitic botnet nodes in KAD network,which is of great guiding significance for accurate defense object positioning and defensive measures design.

Key words: Challenge strategy, botnet, Peer-to-Peer(P2P) network, crawler, Distributed Hash Table(DHT), malicious node

中图分类号:

TP393.08

李景,姚一杨,卢新岱,乔勇. 基于Challenge策略的大规模恶意P2P僵尸节点检测技术[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2016.10.028.

LI Jing,YAO Yiyang,LU Xindai,QIAO Yong. Large-scale Malicious P2P Botnet Node Detection Technology Based on Challenge Strategy[J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2016.10.028.

http://www.ecice06.com/CN/Y2016/V42/I10/158

参考文献

参考文献［1］Nagaraja S,Mittal P,Hong Chiyao,et al.BotGrep:Finding P2P Bots with Structured Graph Analysis［C］//Proceedings of the 19th USENIX Conference on Security.New York,USA:ACM Press,2010:7. ［2］Holz T,Steiner M,Dahl F,et al.Measurements and Mitigation of Peer-to-Peer-based Botnets:A Case Study on Storm Worm［C］//Proceedings of the 1st Usenix Workshop on Large-scale Exploits and Emergent Threats.New York,USA:ACM Press,2008:115-124. ［3］Wang Binbin,Li Zhitang,Tu Hao,et al.Actively Measuring Bots in Peer-to-Peer Networks［M］.New York,USA:ACM Press,2009. ［4］谢晃,张昱,王云凯.非结构化P2P 网络中基于节点的MQR 算法设计与实现［J］.计算机工程,2014,40(9):111-116. ［5］王君,冀常鹏,汪洋,等.P2P网络中基于云模型的信任机制研究［J］.计算机工程,2014,40(5):124-128. ［6］Sarat S,Terzis A.Measuring the Storm Worm Network:01-10-2007［R］.HiNRG Johns Hopkins University,2007. ［7］Kutzner K,Fuhrmann T.Measuring Large Overlay Networks——The Overnet Example［C］//Proceedings of the 14th Conference on Kommunikation in Verteilten Systemen.Berlin,Germany:Springer,2005:193-204. ［8］黎梨苗,陈志刚,桂劲松,等.基于优先权的P2P网络信任模型［J］.计算机工程,2013,39(5):148-151. ［9］Starnberger G,Kruegel C,Kirda E.Overbot:A Botnet Protocol Based on Kademlia［C］//Proceedings of the 4th International Conference on Security and Privacy in Communication Networks.New York,USA:ACM Press,2008:241-242. ［10］Wang Ping,Wu Lei,Aslam B,et al.A Systematic Study on Peer-to-Peer Botnets［C］//Proceedings of the 18th International Conference on Computer Communications and Networks.Washington D.C.,USA:IEEE Press,2009:1-8. ［11］Wang Ping,Aslam B,Zou C C.Peer-to-Peer Botnets:The Next Generation of Botnet Attacks［J］.Electrical Engineering,2010,24(4):1-25. ［12］成淑萍,谭良.基于网络流量的僵尸网络动态检测模型［J］.计算机工程,2014,40(11):106-112. ［13］Liu Xuejiao,Xiao Debao,Ma Nian,et al.A Scalable,Vulnerability Modeling and Correlating Method for Network Security［C］//Proceedings of the 4th Inter-national Conference on Scalable Information Systems.Washington D.C.,USA:IEEE Press,2009:217-227. ［14］Liu Xuejiao,Fang Chengfang,Xiao Debao,et al.A Goal-oriented Approach for Modeling and Analyzing Attack Graph［C］//Proceedings of International Conference on Information Science and Application.Washington D.C.,USA:IEEE Press,2010:1-8. ［15］Stoica I,Morris R,Karger D,et al.Chord:A Scalable Peer-to-Peer Lookup Service for Internet Applications［C］//Proceedings of ACM SIGCOMM Computer Communi-cation Review.New York,USA:ACM Press,2001:149-160. ［16］Rowstron A,Druschel P.Pastry:Scalable,Decentralized Object Location,and Routing for Large-scale P2P Systems［C］//Proceedings of International Conference on Distributed Systems Platforms.New York,USA:ACM Press,2001:23-29. ［17］Maymounkov P,Mazieres D.Kademlia:A Peer-to-Peer Information System Based on the Xor Metric［J］.Peer-to-Peer Systems,2002,32(2):53-65. ［18］Wang Binbin,Li Zhitang,Tu Hao,et al.Actively Measuring Bots in Peer-to-Peer Networks［C］//Proceedings of Inter-national Conference on Networks Security,Wireless Com-munications and Trusted Computing.New York,USA:ACM Press,2009:603-607. ［19］邵秀丽,蒋鸿玲,耿梅洁,等.基于关联关系和Map Reduce的僵尸网络检测［J］.计算机工程,2014,40(5):115-119. 编辑顾逸斐

[1]	葛昕, 邹福泰, 郭万达, 谭越, 李林森. 社交僵尸网络发展综述[J]. 计算机工程, 2022, 48(8): 12-24.
[2]	周远林, 陶洋, 李正阳, 杨柳. 基于双簇头的无线传感器网络反馈信任模型[J]. 计算机工程, 2021, 47(3): 174-182.
[3]	东熠, 刘景发, 刘文杰. 基于多目标蚁群算法的主题爬虫策略[J]. 计算机工程, 2020, 46(9): 274-282.
[4]	胡斌, 周志洪, 姚立红, 李建华. 结合报文负载与流指纹特征的恶意流量检测[J]. 计算机工程, 2020, 46(11): 157-163.
[5]	刘景发,李新,蒋盛益. 基于网页空间进化算法的暴雨灾害主题爬虫策略[J]. 计算机工程, 2019, 45(2): 184-190.
[6]	张树涛, 谭海波, 陈良锋, 吕波. 一种高效的分布式爬虫系统负载均衡策略[J]. 计算机工程, 2019, 45(11): 62-67.
[7]	李骜骋,王峥. 基于Fast-Flux的DNS异常行为分析[J]. 计算机工程, 2018, 44(12): 184-189,195.
[8]	高峰,刘震,高辉. 结合有监督广度优先搜索策略的通用垂直爬虫方法[J]. 计算机工程, 2018, 44(11): 289-299.
[9]	李大伟. 通用僵尸网络实验平台设计[J]. 计算机工程, 2018, 44(11): 123-128.
[10]	陈瑞东,赵凌园,张小松. 基于模糊聚类的僵尸网络识别技术[J]. 计算机工程, 2018, 44(10): 46-50.
[11]	左晓军,董立勉,曲武. 基于域名系统流量的Fast-Flux僵尸网络检测方法[J]. 计算机工程, 2017, 43(9): 185-193.
[12]	张莉,魏柯,杨浩. 一种面向MANET的启发式恶意节点发现与隔离策略[J]. 计算机工程, 2017, 43(5): 129-133,142.
[13]	齐迎春,朱海. 基于定向虚拟骨干网的WSN移动代理迁移协议[J]. 计算机工程, 2016, 42(7): 139-145.
[14]	葛强,陈前程,周珂,臧文乾,严运广,方鑫. 一种遥感数据快速传输策略研究[J]. 计算机工程, 2016, 42(6): 27-30.
[15]	魏勇,胡丹露,郝晨光,欧小平. 基于分类关键词词频模型的地缘政治主题爬虫设计[J]. 计算机工程, 2016, 42(2): 45-50.

选择文件类型/文献管理软件名称

选择包含的内容

基于Challenge策略的大规模恶意P2P僵尸节点检测技术

Large-scale Malicious P2P Botnet Node Detection Technology Based on Challenge Strategy

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于Challenge策略的大规模恶意P2P僵尸节点检测技术

Large-scale Malicious P2P Botnet Node Detection Technology Based on Challenge Strategy

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价