检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:司成祥[1] 孙波[1] 杨文瀚[2] 张慧琳[2] 薛晓楠[2]
机构地区:[1]国家计算机网络应急技术处理协调中心,北京100029 [2]北京大学计算机科学技术研究所,北京100871
出 处:《通信学报》2013年第S1期197-206,共10页Journal on Communications
基 金:国家242信息安全计划基金资助项目(2011A40);国家自然科学基金资助项目(61003127)~~
摘 要:僵尸网络是当前互联网上存在的一类严重安全威胁。传统的被动监控方法需要经过证据积累、检测和反应的过程,只能在实际恶意活动发生之后发现僵尸网络的存在。提出了基于僵尸网络控制端通信协议指纹的分布式主动探测方法,通过逆向分析僵尸网络的控制端和被控端样本,提取僵尸网络通信协议,并从控制端回复信息中抽取通信协议交互指纹,最后基于通信协议指纹对网络上的主机进行主动探测。基于该方法,设计并实现了ActiveSpear主动探测系统,该系统采用分布式架构,扫描所使用的IP动态变化,支持对多种通信协议的僵尸网络控制端的并行扫描。在实验环境中对系统的功能性验证证明了方法的有效性,实际环境中对系统扫描效率的评估说明系统能够在可接受的时间内完成对网段的大规模扫描。Nowadays, botnet is still a kind of severe threat on the Internet. It wastes lots of time for traditional passive monitoring approaches to collect enough evidence, to detect and react. Only after real malicious activities occur can we find the existence of botnet. An active probing approach was proposed based on botnet controller's communication protocol fingerprint. Botnet samples including client and server were analyzed and the command and control protocol of the botnet were collected. The communication protocol fingerprint was also extracted from controller's response message and the host on the Internet was scanned with the communication protocol fingerprint. Active Spear active probing system was designed and implemented based on the approach. The system employs distributed architecture and IP used in the scanning is dynamic. The system supports to scan many botnets owning different types of protocols as their command and control protocols. The functional verification in the testing environment proves the effectiveness of the approach and the evaluation to scanning efficiency in the real network environment shows the ability that the system can finish task of scanning a large scale of IP section in an acceptable time.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.46