Telecommunications Science ›› 2019, Vol. 35 ›› Issue (6): 96-101. doi: 10.11959/j.issn.1000-0801.2019152

• Research and Development •

Research on C&C traffic detection of DDoS BotNet in internet of things

HE Yusheng   

  1. Jiangxi Branch of National Internet Emergency Center, Nanchang 330038, China
  • Revised: 2019-05-22 Online: 2019-06-20 Published: 2019-06-20
  • About the author: HE Yusheng (1971- ), male, is deputy director, chief engineer and senior engineer at the Jiangxi Branch of National Internet Emergency Center. He works mainly on the construction, maintenance, operation and management of Internet and data communication systems and on network security supervision. His main research interest is Internet network security emergency response.

Abstract:

Detecting C&C communication is an important part of identifying IoT DDoS BotNets. By analyzing BotNet C&C communication traffic, two characteristics were summarized: C&C communication data packets are relatively small, and DNS communication is periodic. Based on these characteristics of the network traffic, a method for identifying BotNet C&C communication was proposed, which helped to improve the accuracy rate of identifying C&C communication in the BotNet.

Key words: C&C communication, DDoS, BotNet, DNS, data packet
