基于Kademlia协议的高生存性P2P僵尸网络

doi:10.3724/SP.J.1087.2013.01362

计算机应用 ›› 2013, Vol. 33 ›› Issue (05): 1362-1377.DOI: 10.3724/SP.J.1087.2013.01362

基于Kademlia协议的高生存性P2P僵尸网络

朱俊虎,李鹤帅,王清贤,邱菡

信息工程大学，郑州 450002

收稿日期:2012-10-30 修回日期:2012-12-09 出版日期:2013-05-01 发布日期:2013-05-08
通讯作者: 李鹤帅
作者简介:朱俊虎(1974-)，男，江苏镇江人，副教授， CCF会员，主要研究方向：僵尸网络、网络安全测评；李鹤帅(1987-)，男，山西太原人，博士研究生，主要研究方向：僵尸网络；王清贤(1960-)，男，河南新乡人，教授，博士生导师，主要研究方向：网络信息安全；邱菡(1980-)，女，湖北随州人，讲师，主要研究方向：互联网技术、电信技术。

New P2P botnet with high survivability based on Kademlia protocol

ZHU Junhu,LI Heshuai,WANG Qingxian,QIU Han

Informaiton Engineering University, Zhengzhou Henan 450002, China

Received:2012-10-30 Revised:2012-12-09 Online:2013-05-08 Published:2013-05-01
Contact: LI Heshuai

摘要/Abstract

摘要： 为了提高僵尸网络的生存能力，通过对现有反僵尸网络技术的分析，从攻击者角度提出了一种基于Kademlia协议的高生存性P2P僵尸网络，通过设计一套通信加密认证和节点身份认证机制提高了僵尸网络的生存能力，理论分析表明该机制可以较为有效地应对伪造命令攻击和女巫攻击，并通过实验证明了新型僵尸网络的高生存性。

关键词: Kademlia网络, 僵尸网络, 生存能力, 加密认证, 女巫节点

Abstract: At present there are many kinds of technologies which can track, detect and counter botnet effectively, which are serious threats to botnet. In order to improve the survivability of botnets, with the analysis on the existing anti-botnet technology, the paper proposd a new P2P-botnet based on Kademlia protocol from an attacker's prospective. A communication encryption and node authentication mechanism was designed. The theoretical analysis shows that the mechanism can effectively address improper command attack and sybil attack. Eventually, the experimental results verify that this botnet has high survivability.

Key words: Kademlia network, botnet, survivability, cryptographic validation, sybil node

中图分类号:

TP393.08

朱俊虎李鹤帅王清贤邱菡. 基于Kademlia协议的高生存性P2P僵尸网络[J]. 计算机应用, 2013, 33(05): 1362-1377.

ZHU Junhu LI Heshuai WANG Qingxian QIU Han. New P2P botnet with high survivability based on Kademlia protocol[J]. Journal of Computer Applications, 2013, 33(05): 1362-1377.

参考文献

［1］诸葛建伟，韩心慧，周勇林,等．僵尸网络研究与进展［J］．软件学报，2008，19(3):702-715.

［2］LIU J, XIAO Y, GHABOOSI K, et al. Botnet: classification, attacks, detection, tracing, and preventive measures［C］// ICICIC'09: Proceedings of the 2009 Fourth International Conference on Innovative Computing, Information and Control. New York:ACM, 2009:1184-1187.

［3］李鹤帅，朱俊虎，周天阳，等．P2P技术在僵尸网络领域的应用［J］．计算机工程，2012，14(1):1-4.

［4］WANG P, WU L, ASLAM B, et al. A systematic study on peer-to-peer botnets［C］// ICCCN'09: Proceedings of International Conference on Computer Communications and Networks. Washington, DC: IEEE Computer Society, 2009:1-8.

［5］DASWANI N, STOPPELMAN M. The anatomy of clickbot［C］// Proceedings of the 1st Workshop on Hot Topics in Understanding Botnets. Berkeley: USENIX Association, 2007.

［6］LI J, EHRENKRANZ T, KUENNING G, et al.Simulation and analysis on the resiliency and efficiency of malnets［C］// MMSM 2005: Proceedings of the 19 th Workshop on Principles of Advanced and Distributed Simulation.Washington, DC: IEEE Computer Society, 2005:262-269.

［7］MAYMOUNKOV P, MAZIERES D. Kademlia: A peer-to-peer information system based on the xor metric［C］// IPTPS: International Workshop on Peer-to-Peer Systems. Berlin:Springer, 2002:53-65.

［8］STARNBERGER G, KRUEGEL C, KIRDA E. Overbot - a botnet protocol based on Kademlia［C］// Proceedings of the 4th International Conference on Security and Privacy in Communication Networks. New York:ACM, 2008:1-9.

［9］WANG P, TYRA J, CHAN E, et al. Attacking the Kad network［C］// Proceedings of the 4th International Conference on Security and Privacy in Communication Networks. New York:ACM, 2008:877-907.

［10］WANG P, SPARKS S, ZOU C C. An advanced hybrid peer-to-peer botnet［C］// Proceedings 2007 USENIX First Workshop on Hot Topics in Understanding Botnets. Berkeley: USENIX Association, 2007:2.
［11］ZHU Z S, LU G H, CHEN Y, et al.Botnet research survey［C］// COMPSAC'08: 2008 32nd Annual IEEE International Computer Software and Applications Conference.Washington, DC: IEEE Computer Society, 2008:967-972.

［12］ZHUGE J, HAN X, YE Z, et al.Discover and track botnets［C］// Proceeedings of the Chinese Symposium on Network and Information Security.New York:ACM, 2005:183-189.

［13］DOUCEUR J. The sybil attack ［C］// Proceedings of the 1st International Workshop on Peer-to-Peer Systems. Berlin:Springer,2002: 251-260.

［14］STONE B, COVA M, CAVALLARO L, et al.Your botnet is my botnet: analysis of a botnet takeover［EB/OL］.［2012-08-12］. http://www.csd.uoc.gr/~hy558/papers/torpig.pdf.

［15］CERTICOM. Press release: Certicom announces elliptic curvecryptosystem (ECC) challenge winner［R/OL］. [2012-10-01].http://www.certicom.com/2002-press-releases/38-2002-press-releases/340.

[1]	田朔玮, 杨岳湘, 何杰, 王晓磊, 江志雄. 基于统计特征的隐匿P2P主机实时检测系统[J]. 计算机应用, 2015, 35(7): 1892-1896.
[2]	李娜, 杜彦辉, 陈默. 基于短地址混淆和谷歌云推送的移动僵尸网络的构建[J]. 计算机应用, 2015, 35(6): 1698-1704.
[3]	冯丽萍, 宋礼鹏, 王鸿斌, 赵青杉. P2P僵尸网络的传播建模与分析[J]. 计算机应用, 2015, 35(1): 68-71.
[4]	朱俊虎李鹤帅王清贤邱菡. 基于重组的半分布式僵尸网络抗打击技术[J]. 计算机应用, 2013, 33(10): 2851-2853.
[5]	冯丽萍韩琦王鸿斌康苏明. P2P僵尸网络的有效免疫措施[J]. 计算机应用, 2012, 32(09): 2617-2619.
[6]	许晓东程建国朱士瑞. 非结构化P2P僵尸网络鲁棒性分析[J]. 计算机应用, 2011, 31(12): 3343-3345.
[7]	范轶彦邬国锐. 动态僵尸网络模型研究[J]. 计算机应用, 2010, 30(3): 692-694.
[8]	刘丹李毅超胡跃. 多阶段过滤的P2P僵尸网络检测方法[J]. 计算机应用, 2010, 30(12): 3354-3356.
[9]	黄萍谭良. 半分布式P2P Botnet控制服务器的设计与实现[J]. 计算机应用, 2009, 29(09): 2446-2449.
[10]	孙彦东李东 . 僵尸网络综述[J]. 计算机应用, 2006, 26(7): 1628-1630.
[11]	王文奇; 李伟华;史兴键;等. 基于Agent的网络安全系统协同控制研究[J]. 计算机应用, 2005, 25(10): 2280-2282.

基于Kademlia协议的高生存性P2P僵尸网络

New P2P botnet with high survivability based on Kademlia protocol

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 11

编辑推荐

Metrics