面向可扩展僵尸网络的安全控制方法

doi:10.11959/j.issn.2096-109x.2023002

Abstract

Abstract:

Botnet is one of main threats towards the Internet.Currently, botnets can expand to the whole world due to various types of network services, pervasive security vulnerabilities and massive deployment of networked devices, e.g., internet of things (IoT) devices.Future botnets will become more cross-platform and stealthy, which introduces severe security risks to cyberspace.Therefore, in-depth research on botnets can offer study targets to corresponding defensive studies, which is very meaningful for designing an architecture to secure the next-generation cyberspace.Hence, an HTTP-based scalable botnet framework was proposed to address the problems of compatibility, stealthiness and security.Specifically, the framework adopted a centralized controlling model.Moreover, it used the HTTP protocol as the designed botnet’s communication protocol and block encryption mechanisms based on symmetric cryptography to protect the botnet’s communication contents.Furthermore, a secure control mechanism for multi-platform botnets was designed.In particular, the proposed mechanism utilized source-level code integration and cross-compilation techniques to solve the compatibility challenge.It also introduced encrypted communication with dynamic secret keys to overcome the drawbacks of network traffic regularity and ease of analysis in traditional botnets.Moreover, it designed server migration and reconnection mechanisms to address the weakness of single-point-failure in centralized botnet models.Simulation results in three experimental scenarios with different levels of botnet controllability show that there is a linear relationship between the size of a botnet and the service overhead of the related C＆amp;C servers.In addition, under the condition of the same botnet scale, a higher level of controllability introduces a higher throughput and a greater system overhead.The above results demonstrate the effectiveness and the practical feasibility of the proposed method.

Key words: botnet, secure control, multi-platform architecture, advanced encryption standard

CLC Number:

TP393

Qiang LIU, Pengfei LI, Zhangjie FU. Secure controlling method for scalable botnets[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 42-55.

Figures/Tables 18

References 7

[8]	肖喜生, 龙春, 杜冠瑶 ,等. 基于流量摘要的僵尸网络检测[J]. 计算机系统应用, 2021,30(8): 186-193.
	XIAO X S , LONG C , DU G Y ,et al. Botnet detection based on flow summary[J]. Computer Systems ＆ Applications, 2021,30(8): 186-193.
[9]	罗扶华, 张爱新 . 基于深度学习的僵尸网络检测技术研究[J]. 通信技术, 2020,53(1): 174-179.
	LUO F H , ZHANG A X . Botnet detection technology based on deep learning[J]. Communications Technology, 2020,53(1): 174-179.
[10]	WANG X F , ZHANG D F , SU X . Design of mobile botnets Integrated SMS and HTTP protocol C＆C channel[J]. Journal of Chinese Computer Systems, 2014,35(7): 1458-1463.
[11]	KNYSZ M , HU X , ZENG Y ,et al. Open Wi-Fi networks:Lethal weapons for botnets[C]// Proceedings of the 2012 IEEE INFOCOM. 2012: 2631-2635.
[12]	WANG P , SPARKS S , ZOU C C . An advanced hybrid peer-to-peer botnet[J]. IEEE Transactions on Dependable and Secure Computing, 2010,7(2): 113-127.
[13]	HAN Q , YU W , ZHANG Y ,et al. Modeling and evaluating of typical advanced peer-to-peer botnet[J]. Performance Evaluation, 2014,72: 1-15.
[14]	高见, 芦天亮, 王威 . 基于P2P的僵尸网络C＆C设计与仿真[J]. 中国人民公安大学学报(自然科学版), 2015,21(3): 65-70.
	GAO J , LU T L , WANG W . C＆C design and simulation of P2P-based botnets[J]. Journal of Chinese People's Public Security University (Science and Technology), 2015,21(3): 65-70.
[15]	柳淑婷, 傅梓怡, 范亚芹 . 基于 Android 的僵尸网络设计与实现[J]. 吉林大学学报(信息科学版), 2016,34(2): 182-185.
	LIU S T , FU Z Y , FAN Y Q . Design and implementation of mobile botnet based on android system[J]. Journal of Jilin University (Information Science Edition), 2016,34(2): 182-185.
[16]	张翕然 . 物联网僵尸网络病毒传播模型研究及仿真[D]. 重庆:重庆理工大学, 2021.
	ZHANG X R . Research and Simulation of internet of things botnet virus propagation model[D]. Chongqing:Chongqing University of Technology, 2021.
[1]	HAN B , YANG X R , SUN Z G ,et al. OverWatch:A cross-plane DDoS attack defense framework with collaborative intelligence in SDN[J]. Security and Communication Networks, 2018.
[2]	腾讯云T-Sec DDoS防护团队,绿盟科技威胁情报团队. 2021年全球DDoS威胁报告[R]. 2022.
	Tencent Cloud T-SEC DDoS Defense Team,NSFOCUS Threat Intelligence Team. 2021 annual report of world-wide DDoS threats[R]. 2022.
[3]	European Union Agency for Cybersecurity (ENISA). ENISA threat landscape 2021[EB]. 2022.
[17]	BAUMGARTNER K , GARNAEVA M . BE2 custom plugins,router abuse,and target profiles[EB]. 2014.
[18]	周安民, 钟毅, 左政 ,等. D-BitBot:比特币网络双向通信的 P2P僵尸网络模型[J]. 哈尔滨工业大学学报, 2020,52(5): 66-74.
[4]	王钰蓥 . SAM Seamless Network报告显示2021年物联网攻击超过10亿次[J]. 互联网天地, 2022(5): 60.
	WANG Y Y . SAM Seamless Network report shows more than 1 billion IoT attacks in 2021[J]. China Internet, 2022(5): 60.
[18]	ZHOU A M , ZHONG Y , ZUO Z ,et al. D-BitBot:a P2P duplex botnet model in Bitcoin network[J]. Journal of Harbin Institute of Technology, 2020,52(5): 66-74.
[19]	赵昊, 舒辉, 康绯 ,等. 基于智能合约的高对抗性僵尸网络研究[J]. 网络与信息安全学报, 2021,7(4): 30-41.
[5]	HE J , YANG Y X , WANG X L ,et al. Adaptive traffic sampling for P2P botnet detection[J]. International Journal of Network Management, 2017,27(5): e1992.
[6]	吴迪, 方滨兴, 崔翔 ,等. BotCatcher:基于深度学习的僵尸网络检测系统[J]. 通信学报, 2018,39(8): 18-28.
[19]	ZHAO H , SHU H , KANG F ,et al. High resistance botnet based on smart contract[J]. Chinese Journal of Network and Information Security, 2021,7(4): 30-41.
[20]	WANG W , MA X . Blockchain-based botnets for command-and control resilience[J]. Botnets:Architectures,Countermeasures,and Challenges, 2019:217.
[6]	WU D , FANG B X , CUI X ,et al. BotCatcher:botnet detection system based on deep learning[J]. Journal on Communications, 2018,39(8): 18-28.
[7]	沈琦, 涂哲, 李坤 ,等. 基于集成学习的僵尸网络在线检测方法[J]. 计算机应用研究, 2022,39(6): 1845-1851.
	SHEN Q , TU Z , LI K ,et al. Online botnet detection method based on ensemble learning[J]. Application Research of Computers, 2022,39(6): 1845-1851.

Metrics

Recommended 0

No Suggested Reading articles found!

测试机	IP地址	操作系统	磁盘空间	CPU	内存大小/GB
物理机	192.168.8.100	Windows 10	—	Intel Core i7-8700 CPU @ 3.20 GHz	64
虚拟机	192.168.8.177	Ubuntu 16.04	50 GB		2

测试场景	报到间隔区间/s	僵尸主机规模/个	僵尸主机规模增长速度/(个.波次^-1)	每波次测试时间/s
低控制性	180～360	100～1 000	100	30
中控制性	60～120	100～1 000	100	30
高控制性	10～30	100～1 000	100	30

Secure controlling method for scalable botnets

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 18

References 7

Related Articles 3

Metrics

Recommended 0

[1]	Hao ZHAO, Hui SHU, Fei KANG, Ying XING. High resistance botnet based on smart contract [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 30-41.
[2]	Yuquan JIN, Bin XIE, Yi ZHU. Method of botnet network nodes detection base on communication similarity [J]. Chinese Journal of Network and Information Security, 2018, 4(10): 31-38.
[3]	Ya-liang CHEN,Qin-yun DAI,Hai-yan WU,Zheng WEI. Research on the reverse analyses and monitoring data of Mirai malware botnet [J]. Chinese Journal of Network and Information Security, 2017, 3(8): 35-43.