Journal on Communications ›› 2014, Vol. 35 ›› Issue (1): 156-166. doi: 10.3969/j.issn.1000-436x.2014.01.018
• Academic communication •
Zhi WANG,Ya-yun CAI,Lu LIU,Chun-fu JIA
Online: 2014-01-25
Published: 2017-06-17
Zhi WANG,Ya-yun CAI,Lu LIU,Chun-fu JIA. Using coverage analysis to extract Botnet command-and-control protocol[J]. Journal on Communications, 2014, 35(1): 156-166.