
Computer Engineering

• Security Technology •

Large-scale Malicious P2P Botnet Node Detection Technology Based on Challenge Strategy

LI Jing 1, YAO Yiyang 2, LU Xindai 1, QIAO Yong 3

  1. Electric Power Research Institute, State Grid Zhejiang Electric Power Company, Hangzhou 310000, China
  2. Information Telecommunication Branch, State Grid Zhejiang Electric Power Company, Hangzhou 310000, China
  3. College of Computer Science and Technology, National University of Defense Technology, Changsha 410073, China
  • Received: 2015-06-17 Online: 2016-10-15 Published: 2016-10-15
  • About the authors: LI Jing (born 1983), male, engineer, M.S., main research interest: information security; YAO Yiyang, engineer, M.S.; LU Xindai, engineer; QIAO Yong (corresponding author), senior engineer, Ph.D.
  • Funding: Supported by the Zhejiang Provincial Fund for Distinguished Young Scholars (LR14F020003).

Abstract: Traditional botnet detection techniques mainly detect bot nodes within a specific local network, either on the hosts themselves or at the border of a single gateway egress; they cover only a small scale and have low detection efficiency. To detect Peer-to-Peer (P2P) bot nodes effectively over a much larger range, this paper proposes a Challenge-based strategy for probing the malicious bot nodes that parasitize a P2P network. Simulation results show that in a KAD network of more than 4 million nodes, the technique detects 3,000 to 9,000 parasitic P2P bot nodes and can estimate the number of parasitic bot nodes that may exist in the KAD network, which provides a reference for accurately locating the objects to be defended and for precisely designing defensive measures.

Key words: Challenge strategy, botnet, Peer-to-Peer (P2P) network, crawler, Distributed Hash Table (DHT), malicious node

CLC number: