| 识别蜜罐网络的P2P僵尸网络构建机制 |
| |
| 引用本文: | 李雪峰,段海新,诸葛建伟,吴建平.识别蜜罐网络的P2P僵尸网络构建机制[J].清华大学学报(自然科学版),2012(3):385-389. |
| |
| 作者姓名: | 李雪峰 段海新 诸葛建伟 吴建平 |
| |
| 作者单位: | 清华大学计算机科学与技术系 |
| |
| 基金项目: | 国家自然科学基金项目(61003127) |
| |
| 摘 要: | P2P僵尸网络构建过程中要解决的主要问题是如何识别由大量蜜罐(honeypot)组成的蜜罐网络(honeynet),特别是避免在僵尸网络中混入蜜罐节点。根据P2P僵尸网络构建机制的工作原理,可将其构建机制划分为:传播与扩散、节点加入和拓扑构建3个功能模块。基于这3个功能模块,该文提出一种指定优先攻击列表的传播模块,基于身份验证的节点加入模块,以及模拟遗传机制的拓扑构建模块等相结合的P2P僵尸网络构建机制。证明了该机制能有效识别蜜罐节点,并建立其传播模型,同识别蜜罐的僵尸网络传播模型进行对比,通过数学分析及模拟证明该机制在一定条件下具有更高的构建效率。最后针对该机制带来的威胁讨论了一些可能的防御方法。
|
| 关 键 词: | 计算机网络 网络安全 P2P僵尸网络 蜜罐网络 传播模型 |
Construction of a honeynet-aware P2P-botnet |
| |
| LI Xuefeng,DUAN Haixin,ZHUGE Jianwei,WU Jianping.Construction of a honeynet-aware P2P-botnet[J].Journal of Tsinghua University(Science and Technology),2012(3):385-389. |
| |
| Authors: | LI Xuefeng DUAN Haixin ZHUGE Jianwei WU Jianping |
| |
| Institution: | (Department of Computer Science and Technology, Tsinghua University,Beijing 100084,China) |
| |
| Abstract: | The key problems in the construction of P2P-botnets are how to identify the honeynet(the network of honeypots) and how to avoid integrating the honeypots into the P2P-botnet.P2P-botnet construction includes propagation,node joining,and topology construction.This paper presents a construction method for a honeynet-aware P2P-botnet based on three modules.The propagation module includes the monitoring nodes in the designed attack list.The node joining module differentiates botnet nodes from the honeypot.The topology construction module constructs the topology of the P2P-botnet using a genetic algorithm.The construction mechanism effectively identifies the honeypots,constructs the P2P-botnet propagation model,and compares it with the honeypot-aware botnet model.The results show that this method is more efficient for certain conditions.Methods are given to defend against honeynet-aware attacks. |
| |
| Keywords: | computer networks network security P2P-botnet honeynet propagation model |
| 本文献已被 CNKI 等数据库收录! |
|
