Abstract:
A botnet based on Kademlia can easily hide in legitimate traffic, but a botnet that uses Kademlia as its protocol may be detected because firewalls block it. This paper designs a new semi-distributed botnet based on Kademlia. By changing the hybrid botnet's backbone from an unstructured network to a Kademlia network, it can circumvent firewalls while generating little traffic. Simulation comparison experiments show that the new botnet has better traffic characteristics and robustness than traditional botnets. Three kinds of defensive mechanisms against the designed botnet are also proposed.
Key words:
Kademlia network,
Command and Control (C&C) mechanism,
P2P network,
semi-distributed,
Botnet,
firewall
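Abstract (translated from Chinese): Botnets that use the Kademlia protocol can hide their attack behavior within massive volumes of legitimate traffic, but using Kademlia alone is easily blocked by firewalls. To address this problem, a new semi-distributed botnet based on Kademlia is designed. By changing the backbone of the Hybrid Botnet from an unstructured network to a Kademlia network, it can evade firewalls while keeping network traffic low. Simulation experiments show that the new botnet has better traffic characteristics and robustness than traditional networks. Three defensive measures against the new network are also given.
Key words (translated from Chinese):
Kademlia network,
command and control mechanism,
P2P network,
semi-distributed,
botnet,
firewall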
LI He-Shuai, ZHU Jun-Hu, ZHOU Tian-Yang, WANG Qing-Xian. New Semi-distributed Botnet Based on Kademlia[J]. Computer Engineering, 2012, 38(08): 92-94.
李鹤帅, 朱俊虎, 周天阳, 王清贤. 基于Kademlia的新型半分布式僵尸网络[J]. 计算机工程, 2012, 38(08): 92-94.