Authors: 赵昊 (ZHAO Hao); 舒辉 (SHU Hui); 刘潮歌 (LIU Chaoge); 邢颖 (XING Ying); 赵耘田 (ZHAO Yuntian)
Affiliations: [1] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; [2] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
Source: Journal of Cyber Security (《信息安全学报》), 2023, No. 2, pp. 28-41 (14 pages)
Funding: Supported by the Frontier Science and Technology Innovation Special Fund of the National Key R&D Program of China (No. 2019QY1305).
Abstract: As the basic platform for large-scale attacks, botnets seriously threaten the security of cyberspace, and studying them from a predictive perspective is of great practical significance. To address the shortcomings of existing research in terminal perception, identity recognition and dynamic confrontation, this article outlines the botnet life cycle, summarizes the weak points of P2P botnets, establishes a dynamic confrontation model for P2P botnets, and analyzes the importance of node authenticity judgment and of network topology optimization and reconstruction. On this basis, it proposes a novel dynamic self-organizing P2P botnet model, DSBot, from the attacker's perspective. The model's architecture can be extended to all kinds of target devices; it enhances terminal antagonism through a node security evaluation mechanism based on a reliability matrix and authenticity verification, and it proposes a phased infection strategy. Drawing on the ideas and methods of wireless ad hoc networks and multi-agent systems, the article describes a multi-dimensional representation of node attributes and a dynamic network framework based on state identification. On that foundation it designs the O(Ni) update algorithm, the uniform connection algorithm and the active node removal algorithm, and, combining them with the corresponding initialization and adjustment mechanisms, proposes a self-organizing network reconstruction strategy to further improve the robustness of the network. Among them, the O(Ni) update algorithm ensures the credibility of nodes, the uniform connection algorithm reduces the risk of network exposure, and the active node removal algorithm removes suspicious nodes in real time. The DSBot model is evaluated in terms of average waiting time, command reachability rate, network connectivity and reconstruction stabilization time. Experimental results show that the DSBot model meets the basic requirements of a botnet command and control mechanism in efficiency and resilience. Finally, possible defense strategies are discussed in terms of terminal cleanup, strikes against command and control servers, and the command and control process. The article aims to improve defensive solutions by predicting new botnet models.
Classification: TP309.5 [Automation and Computer Technology - Computer System Architecture]