基于特征相似性的僵尸云网络检测
|
摘要
针对僵尸网络与云计算技术的结合产生新型僵尸云网络(BotCloud),分析BotCloud的特点、工作原理及检测机制,采用对BotCloud境下的特征相似性的僵尸云网络检测框架,以提高对BotCloud的检测的效率和准确度。
Against botnets and the combination of cloud computing technology to produce new zombie cloud network(BotCloud),this paper analyses the feature of the BotClouds,threat and working principle of the BotClouds in infection. Similarity measures are performaed using three characteristics of BotCloud's data flow,date packets and traffic volume in the process of infection,transmission and operation. In order to improve the detection effciency and accuracy,a BotCloud network detection frameworkwith similar characteristics in the cloud environment is designed.
Against botnets and the combination of cloud computing technology to produce new zombie cloud network(BotCloud),this paper analyses the feature of the BotClouds,threat and working principle of the BotClouds in infection. Similarity measures are performaed using three characteristics of BotCloud's data flow,date packets and traffic volume in the process of infection,transmission and operation. In order to improve the detection effciency and accuracy,a BotCloud network detection frameworkwith similar characteristics in the cloud environment is designed.
引文
[1]方滨兴,崔翔,王威.僵尸网络综述[J].计算机研究与发展,2011,48(8):1315-1331.FANG Binxing,CUI Xiang,WANG Wei.Survey of Botnets[J]. Journal of Computer Research and Development,2011,48(8):1315-1331.
[2]李可,方滨兴,崔翔,等.僵尸网络发展研究[J].计算机研究与发展,2016,53(10):2189-2206.LI Ke,FANG Binxing,CUI Xiang,et al. Study Of BotnetsTrends[J]. Journal of Computer Research and Development,2016,53(10):2189-2206.
[3]Clark K P,Warnier M,Brazier F M T. Botclouds-TheFuture of Cloud-based Botnets?[C]//Closer 2011-Proceedings of the,International Conference on Cloud Computing and Services Science,Noordwijkerhout,Netherlands,7-9 May. DBLP,2011:597-603.
[4] WenkeLee,CliffWang,DavidDagon. Botnet Detection:Countering the Largest Security Threat[C]//Springer-Verlag New York Inc.2007.
[5]Dagon D. Botnet detection and response-the network isthe infec-tion[C]//OARC Workshop,2005.
[6]Villamarin-Salomon R,Brustoloni J C. Identifying botnetsusing anomaly detection techniques applied to DNS traffic[C]//Pro-ceedings of the 5th IEEE Consumer Communications and Net-working Conference,2008:476-481.
[7]Seifert,C.,Welch,I. and Komisarczuk,P. HoneyC-The Low-Interaction Client Honeypot[C]//Proceedings ofthe 2007 NZCSRCS,Waikato University,Hamilton,NewZealand,April 2007.
[8]Kuwatly I,Sraj M,Masri Z A,et al. A dynamic Honeypotdesign for intrusion detection[M]. Washington,DC:IEEEComputer Society,2004.
[9]诸葛建伟,韩心慧,周勇林,等. HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器[J].通信学报,2007,12(28):8-12.ZHUGE Jianwei,HAN Xinhui,ZHOU Yonglin,et al. HoneyBow:an automated malware collection tool based on thehigh-interaction honeypot principle[J]. Journal on Communications,2007,12(28):8-12.
[10]刘建波.基于流量分析的P2P僵尸网络检测[J].计算机与数字工程,2011,3(257):90-91.LIU Jianbo. Detection of P2P Botnet Based on Analysisof Flow[J]. Computer&Digital Engineering,2011,3(257):90-91.
[11]刘丹,李毅超,胡跃.多阶段过滤的P2P僵尸网络检测方法[J].计算机应用,2010,12(30):3355-3356.LIU Dan,LI Yichao,HU Yue. P2P-Botnetdetectionbasedonmulti-stagefiltration[J]. Journal of Computer Applications,2010,12(30):3355-3356.
[12]成淑萍,甘元彪.云计算环境下的僵尸网络[J].微型机与应用,2017(10):5-6,14.CHENG Shuping,GAN Yuanbiao. A Botnet in a CloudComputing Environment[J]. Microcomputer and Application,2017(10):5-6,14.
[13]B. Hammi,G. Doyen and R. Khatoun. UnderstandingBotclouds from a system perspective:a Principal Component Analysis[J]. The 14th IEEE/IFIP Network Operations and Management Symposium(NOMS 2014),2014:5-9.
[14]J. Francois,S. Wang,W. Bronzi,R. State,T. Engel.Botcloud:Detecting botnetsusing mapreduce[C]//In Information Forensics and Security(WIFS),IEEE International Workshop on,2011:1-6.
[15]臧天宁,云晓春,张永铮,等.僵尸网络关系云模型分析算法[J].武汉大学学报(信息科学版),2012(02):247-251.ZANG Tianning,YUN Xiaochun,ZHANG Yongzheng,etal. A Botnet Relationship Analyzer Based on Cloud Model[J]. Geomatics and Information Science of Wuhan University,2012(02):247-251.
[2]李可,方滨兴,崔翔,等.僵尸网络发展研究[J].计算机研究与发展,2016,53(10):2189-2206.LI Ke,FANG Binxing,CUI Xiang,et al. Study Of BotnetsTrends[J]. Journal of Computer Research and Development,2016,53(10):2189-2206.
[3]Clark K P,Warnier M,Brazier F M T. Botclouds-TheFuture of Cloud-based Botnets?[C]//Closer 2011-Proceedings of the,International Conference on Cloud Computing and Services Science,Noordwijkerhout,Netherlands,7-9 May. DBLP,2011:597-603.
[4] WenkeLee,CliffWang,DavidDagon. Botnet Detection:Countering the Largest Security Threat[C]//Springer-Verlag New York Inc.2007.
[5]Dagon D. Botnet detection and response-the network isthe infec-tion[C]//OARC Workshop,2005.
[6]Villamarin-Salomon R,Brustoloni J C. Identifying botnetsusing anomaly detection techniques applied to DNS traffic[C]//Pro-ceedings of the 5th IEEE Consumer Communications and Net-working Conference,2008:476-481.
[7]Seifert,C.,Welch,I. and Komisarczuk,P. HoneyC-The Low-Interaction Client Honeypot[C]//Proceedings ofthe 2007 NZCSRCS,Waikato University,Hamilton,NewZealand,April 2007.
[8]Kuwatly I,Sraj M,Masri Z A,et al. A dynamic Honeypotdesign for intrusion detection[M]. Washington,DC:IEEEComputer Society,2004.
[9]诸葛建伟,韩心慧,周勇林,等. HoneyBow:一个基于高交互式蜜罐技术的恶意代码自动捕获器[J].通信学报,2007,12(28):8-12.ZHUGE Jianwei,HAN Xinhui,ZHOU Yonglin,et al. HoneyBow:an automated malware collection tool based on thehigh-interaction honeypot principle[J]. Journal on Communications,2007,12(28):8-12.
[10]刘建波.基于流量分析的P2P僵尸网络检测[J].计算机与数字工程,2011,3(257):90-91.LIU Jianbo. Detection of P2P Botnet Based on Analysisof Flow[J]. Computer&Digital Engineering,2011,3(257):90-91.
[11]刘丹,李毅超,胡跃.多阶段过滤的P2P僵尸网络检测方法[J].计算机应用,2010,12(30):3355-3356.LIU Dan,LI Yichao,HU Yue. P2P-Botnetdetectionbasedonmulti-stagefiltration[J]. Journal of Computer Applications,2010,12(30):3355-3356.
[12]成淑萍,甘元彪.云计算环境下的僵尸网络[J].微型机与应用,2017(10):5-6,14.CHENG Shuping,GAN Yuanbiao. A Botnet in a CloudComputing Environment[J]. Microcomputer and Application,2017(10):5-6,14.
[13]B. Hammi,G. Doyen and R. Khatoun. UnderstandingBotclouds from a system perspective:a Principal Component Analysis[J]. The 14th IEEE/IFIP Network Operations and Management Symposium(NOMS 2014),2014:5-9.
[14]J. Francois,S. Wang,W. Bronzi,R. State,T. Engel.Botcloud:Detecting botnetsusing mapreduce[C]//In Information Forensics and Security(WIFS),IEEE International Workshop on,2011:1-6.
[15]臧天宁,云晓春,张永铮,等.僵尸网络关系云模型分析算法[J].武汉大学学报(信息科学版),2012(02):247-251.ZANG Tianning,YUN Xiaochun,ZHANG Yongzheng,etal. A Botnet Relationship Analyzer Based on Cloud Model[J]. Geomatics and Information Science of Wuhan University,2012(02):247-251.