基于短地址混淆和谷歌云推送的移动僵尸网络的构建

doi:10.11772/j.issn.1001-9081.2015.06.1698

计算机应用 ›› 2015, Vol. 35 ›› Issue (6): 1698-1704.DOI: 10.11772/j.issn.1001-9081.2015.06.1698

基于短地址混淆和谷歌云推送的移动僵尸网络的构建

李娜^1,2, 杜彦辉¹, 陈默^1,3

1. 中国人民公安大学网络安全保卫学院, 北京 100076;
2. 唐山市公安局路南区分局指挥中心, 河北唐山 063000;
3. 襄阳市公安局出入境支队, 湖北襄阳 441000

收稿日期:2015-01-09 修回日期:2015-03-19 发布日期:2015-06-12
通讯作者: 李娜(1979-),女,河北丰润人,助理工程师,博士研究生,主要研究方向:网络安全;n_li@163.com
作者简介:杜彦辉(1969-),男,河北石家庄人,教授,博士生导师,博士,主要研究方向:网络安全;陈默(1987-),男,湖北襄阳人,硕士研究生,主要研究方向:网络安全。
基金资助:
国家自然科学基金资助项目(71173199);中央高校基本科研业务费资助项目(2014JKF01140,2014JKF01144)。

Construction of mobile botnet based on URL shortening services flux and Google cloud messaging for Android

LI Na^1,2, DU Yanhui¹, CHEN Mo^1,3

1. School of Cyber Security Defense, People's Public Security University of China, Beijing 100076, China;
2. Command Center, Lunan Sub-Bureau of Tangshan Municipal Public Security Bureau, Tangshan Hebei 063000, China;
3. Divsion of Exit-Entry Adiministration, Xiangyang Municipal Public Security Bureau, Xiangyang Hubei 441000, China

Received:2015-01-09 Revised:2015-03-19 Published:2015-06-12

摘要/Abstract

摘要：

为了提升对移动僵尸网络的预测能力和防御能力,提出了一种基于短地址混淆(USSes-Flux)和谷歌云(GCM)推送的移动僵尸网络的构建机制。设计了基于中心结构和对等网络(P2P)混合的拓扑结构的移动僵尸网络模型,给出了USSes-Flux算法,从而增强了命令与控制信道的隐秘性和强壮性。给出了该移动僵尸网络的控制模型,分析了不同僵尸节点的状态改变、命令设计和传播算法。实验环境中,研究了短地址的失效率与申请数量之间的关系,并对该移动僵尸网络与不同命令和控制信道的样本进行静态分析、动态分析和电量测试。结果表明:该移动僵尸网络具有较强的隐秘性、强壮性和低消耗。

关键词: 移动僵尸网络, 命令与控制信道, 网络模型, 云推送, 短地址混淆

Abstract:

In order to enhance the defensive ability and prediction ability of mobile network,a method for constructing mobile botnet based on a URL Shortening Services Flux (USSes-Flux) and Google Cloud Messaging for Android (GCM) was proposed. The mobile botnet model was designed with hybrid topology of central structure and peer-to-peer (P2P), USSes-Flux algorithm was presented, which increased robustness and stealthiness of Command and Control (C&C) channel. The control model was discussed. The states change of different bot, command design and propagation algorithm were also analyzed. In the test environment, the relationship between probability of short URL invalidness and number of required short URL was discussed. The static analysis, dynamic analysis and power testing of the mobile botnet and the samples of different C&C channel were carried out. The results show that the proposed mobile botnet is more stealthy, robust and low-cost.

Key words: mobile botnet, Command and Control (C&C) channel, network model, cloud push, URL Shortening Services Flux (USSes-Flux)

中图分类号:

TP393.08

李娜, 杜彦辉, 陈默. 基于短地址混淆和谷歌云推送的移动僵尸网络的构建[J]. 计算机应用, 2015, 35(6): 1698-1704.

LI Na, DU Yanhui, CHEN Mo. Construction of mobile botnet based on URL shortening services flux and Google cloud messaging for Android[J]. Journal of Computer Applications, 2015, 35(6): 1698-1704.

参考文献

[1] HUA J, SAKURAI K. A SMS-based mobile botnet using flooding algorithm [C]//Proceedings of the 5th IFIP WG 11.2 International Workshop on Information Security Theory and Practice, LNCS 6633. Berlin: Springer, 2011: 264-279.
[2] ZENG Y, SHIN K G, HU X. Design of SMS commanded-and-controlled and P2P-structured mobile botnets [C]//WISEC'12:Proceedings of the Fifth ACM Conference on Security and Privacy in Wireless and Mobile Networks. New York: ACM, 2012: 137-148.
[3] MULLINER C, SEIFERT J-P. Rise of the iBots: Owning a telco network [C]//Proceedings of the 2010 5th International Conference on Malicious and Unwanted Software (MALWARE). Piscataway: IEEE, 2010: 71-80.
[4] GENG G, CHEN D, GAO H, et al. Design and analysis of mobile botnets [J]. Journal of Tsinghua University: Science and Technology, 2011, 51(10): 1329-1334. (耿贵宁, 陈冬青, 高海辉, 等. 移动僵尸网络的设计及分析[J]. 清华大学学报:自然科学版, 2011, 51(10): 1329-1334.)
[5] SINGH K, SANGAL S, JAIN N, et al. Evaluating bluetooth as a medium for botnet command and control [C]//DIMVA 2010: Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin: Springer, 2010: 61-80.
[6] CUI X, FANG B, YIN L, et al. Andbot: towards advanced mobile botnets [C]//Proceedings of the 4th USENIX Conference on Large-scale Exploits and Emergent Threats. Berkley: USENIX Assocaition, 2011: 11-11.
[7] WANG S, CUI X, LIAO P, et al. S-URL Flux: A novel C&C protocol for mobile botnets [C]//ISCTCS 2012: Proceedings of the International Conference on Trustworthy Computing and Services, Communications in Computer and Information Science 320. Berlin: Springer, 2013: 412-419.
[8] KNYSZ M, HU X, ZENG Y, et al. Open WiFi networks: Lethal weapons for botnets? [C]//Proceedings of the 2012 IEEE INFOCOM. Piscataway: IEEE, 2012: 2631-2635.
[9] NASSAR M, STATE R, FESTOR O. VoIP malware: attack tool & attack scenarios [C]//ICC'09: Proceedings of the 2009 IEEE International Conference on Communications. Piscataway: IEEE, 2009: 1-6.
[10] WANG P, GONZÁLEZ M C, HIDALGO C A, et al. Understanding the spreading patterns of mobile phone viruses [J]. Science, 2009, 324(5930): 1071-1076.
[11] THOMAS K, NICOL D M. The Koobface botnet and the rise of social malware [C]//Proceedings of the 2010 5th International Conference on Malicious and Unwanted Software (MALWARE). Piscatway: IEEE, 2010: 63-70.
[12] NAGARAJA S, HOUMANSADR A, PIYAWONGWISAL P, et al. Stegobot: a covert social network botnet [C]//IH'11: Proceedings of the 13th International Conference on Information Hiding. Berlin: Springer, 2011: 299-313.
[13] LI Y, ZHAI L, WANG H, et al. Mobile botnet based on SNS [J]. Journal of Computer Research and Development, 2012, 49(S2): 1-8. (李跃, 翟立东, 王宏霞, 等. 一种基于社交网络的移动僵尸网络研究[J]. 计算机研究与发展, 2012, 49(S2): 1-8.)
[14] Google. Google Cloud Messaging for Android [EB/OL]. [2014-12-03]. http://developer.android.com/google/gcm/index.html.
[15] CHEN W, GONG P, YU L, et al. An adaptive push-styled command and control mechanism in mobile botnets [J]. Wuhan University Journal of Natural Sciences, 2013, 18(5): 427-434.
[16] ZHAO S, LEE P P C, LUI J C S, et al. Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service [C]//ACSAC'12: Proceedings of the 28th Annual Computer Security Applications Conference. New York: ACM, 2012: 119-128.
[17] LEE H, KANG T, LEE S, et al. Punobot: mobile botnet using push notification service in Android [C]//WISA 2013: Proceedings of the 14th International Workshop on Information Security Applications. Berlin: Springer, 2014: 124-137.
[18] Apple Inc. About local notifications and push notifications [EB/OL]. [2014-12-03]. http://developer.apple.com/library/mac/#documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/index.html.
[19] Microsoft. Push notifications (Windows phone) [EB/OL]. [2014-12-03]. http://technet.microsoft.com/zh-tw/library/hh221549.aspx.
[20] BlackBerry. Push Service [EB/OL]. [2014-12-04]. http://developer.blackberry.com/java/documentation/push_service_overview.html.
[21] Google. Making the most of Google cloud messaging [EB/OL]. [2014-12-04]. http://developer.android.com/training/cloudsync/gcm.html#multicast.
[22] Google. GCM advanced topics [EB/OL]. [2014-12-04]. http://developer.android.com/google/gcm/adv.html#payload.
[23] FANG B, CUI X, WANG W. Survey of botnets [J]. Journal of Computer Research and Development, 2011, 48(8): 1315-1331. (方滨兴, 崔翔, 王威. 僵尸网络综述[J]. 计算机研究与发展, 2011, 48(08): 1315-1331.)
[24] LI K, YU L, LI M, et al. Method for point-to-point information transmission of intelligent terminals:China, 102624912A[P].2012-03-20. (李科奕, 俞琳, 李明辉, 等. 一种智能终端点对点信息推送的方法:中国, 102624912A[P].2012-03-20.)
[25] ZHOU Y, JIANG X. Dissecting Android malware: Characterization and evolution [C]//Proceedings of the 2012 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2012: 95-109.
[26] ZHANG L, TIWANA B, QIAN Z, et al. Accurate online power estimation and automatic battery behavior based power model generation for smartphones [C]//Proceedings of the Eighth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis. New York: ACM, 2010: 105-114.

基于短地址混淆和谷歌云推送的移动僵尸网络的构建

Construction of mobile botnet based on URL shortening services flux and Google cloud messaging for Android

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 11

编辑推荐

Metrics

[1]	贾梦瑶, 王兴伟, 张爽, 易波, 黄敏. 基于软件定义网络的卫星网络容错路由机制[J]. 计算机应用, 2019, 39(6): 1772-1779.
[2]	冯明皓, 张天伦, 王林辉, 陈荣, 连少静. 改进的弹性网模型在深度神经网络中的应用[J]. 计算机应用, 2019, 39(10): 2809-2814.
[3]	丁超姚宏杜军彭兴钊李浩敏. 基于社团划分的复杂网络级联抗毁攻击策略[J]. 计算机应用, 2014, 34(6): 1666-1670.
[4]	马秀娟赵海兴. 和谐统一混合择优网络模型耦合映像格子的相继故障[J]. 计算机应用, 2014, 34(1): 18-22.
[5]	潘艳辉王韬吴杨郑燕茹. 基于组密钥序列卫星网络组密钥协商协议[J]. 计算机应用, 2012, 32(04): 964-967.
[6]	钟燕王鹏. 基于分层服务提供者保密通信的设计与实现[J]. 计算机应用, 2011, 31(12): 3340-3342.
[7]	许光全冯志勇李晓红陈锦言. 基于时间顺序标码的可计算的信任评价模型[J]. 计算机应用, 2010, 30(3): 663-667.
[8]	梁中军夏英. 短时交通流预测模型的网络结构估计[J]. 计算机应用, 2009, 29(12): 3249-3252.
[9]	贺正求贺建民张叶琳. 一种自组织的二维元胞自动机网络模型及分析[J]. 计算机应用, 2007, 27(6): 1330-1333.
[10]	赵云丰，刘万军. 人工神经网络在ERP系统中的应用[J]. 计算机应用, 2005, 25(04): 748-750.
[11]	唐辉，张国杰，黄建华，李祖鹏. 一种混合P2P网络模型研究与设计[J]. 计算机应用, 2005, 25(03): 521-524.