Journal on Communications (通信学报), 2017, Vol. 38, Issue (1): 97-105, 9. DOI: 10.11959/j.issn.1000-436x.2017012
Modeling and countermeasures of a social network-based botnet with strong destroy-resistance
Abstract
To defeat botnets and ensure cyberspace security, a novel social network-based botnet with strong destroy-resistance (DR-SNbot), as well as its corresponding countermeasure, was proposed. DR-SNbot constructed command and control servers (C&C-Servers) based on social networks. Each C&C-Server corresponded to a unique pseudo-random nickname. The botmaster issued commands by hiding them in diaries using information hiding techniques, and a novel C&C channel was thereby established. When different proportions of C&C-Servers became invalid, DR-SNbot would send out different levels of alarms to inform attackers to construct new C&C-Servers. DR-SNbot could then automatically repair C&C communication to ensure its strong destroy-resistance. Under the experimental settings, DR-SNbot could resume C&C communication in a short period of time and keep a 100% control rate even if all the current C&C-Servers were invalid. Finally, a botnet nickname detection method was proposed based on the difference between the lexical features of legal nicknames and those of pseudo-random nicknames. Experimental results show that the proposed method can effectively (precision: 96.88%, recall: 93%) detect pseudo-random nicknames generated by social network-based botnets with customized algorithms.
Key words
network security/social networks/botnet/command and control channel/countermeasure
Classification
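Information technology and security science
Cite this article
尹涛, 李世淙, 庹宇鹏, 张永铮. Modeling and countermeasures of a social network-based botnet with strong destroy-resistance [J]. Journal on Communications, 2017, 38(1): 97-105, 9.
Funding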
The National Natural Science Foundation of China (No.61572496), The National High Technology Research and Development Program of China (863 Program) (No.2013AA014703, No.2012AA012801)