僵尸网络活动调查分析

僵尸网络已经成为网络攻击者首选的攻击平台，用以发起分布式拒绝服务攻击、窃取敏感信息和发送垃圾邮件等，对公共互联网的正常运行和互联网用户的利益造成了严重的威胁。较大规模地发现和监测实际僵尸网络的活动行为并对其规律进行深入调查分析，是更为全面地监测僵尸网络和对其实施反制的必要前提。通过对所监测的1961个实际僵尸网络的活动情况进行了深入调查和分析，从中给出了僵尸网络数量增长情况、控制服务器分布、僵尸网络规模、被控主机分布以及僵尸网络各种攻击行为的分析结果。     

僵尸网络研究

僵尸网络是一种从传统恶意代码形态进化而来的新型攻击方式,为攻击者提供了隐匿、灵活且高效的一对多命令与控制机制,可以控制大量僵尸主机实现信息窃取、分布式拒绝服务攻击和垃圾邮件发送等攻击,僵尸网络对因特网安全已造成严重威胁。深入研究分析了僵尸网络的三种模型,并对僵尸网络的发现、追踪进行了探讨。     

基于Command and Control通信信道流量属性聚类的僵尸网络检测方法

僵尸网络(Botnet)是一种从传统恶意代码形态进化而来的新型攻击方式,为攻击者提供了隐匿、灵活且高效的一对多命令与控制信道(Command and Control channel, CC)机制,可以控制大量僵尸主机实现信息窃取、分布式拒绝服务攻击和垃圾邮件发送等攻击目的。该文提出一种与僵尸网络结构和CC协议无关,不需要分析数据包的特征负载的僵尸网络检测方法。该方法首先使用预过滤规则对捕获的流量进行过滤,去掉与僵尸网络无关的流量;其次对过滤后的流量属性进行统计;接着使用基于X-means聚类的两步聚类算法对CC信道的流量属性进行分析与聚类,从而达到对僵尸网络检测的目的。实验证明,该方法高效准确地把僵尸网络流量与其他正常网络流量区分,达到从实际网络中检测僵尸网络的要求,并且具有较低的误判率。     

2021年5月黑龙江省公共互联网安全监测报告

5月,全省互联网基础设施运行总体平稳,骨干网各项监测指标正常.木马僵尸网络、蠕虫病毒、web攻击等是我省重要信息系统和互联网用户面临的最主要的网络安全威胁.本月我省感染木马、僵尸程序主机总数有所上升,被利用作为控制端主机数量较上月有所上升,感染蠕虫病毒主机数量较上月有所下降,受web攻击主机数量较上月有所上升.本月我省感染木马或僵尸网络病毒的主机 IP 数量为 8497 个 ;被利用作为木马或僵尸网络控制端服务器的IP数量为1226个;感染蠕虫病毒的主机IP数量为101个;遭受web攻击的主机IP数量为2093个;我省被利用作为web攻击的IP数量为2303个.     

僵尸网络对互联网安全的威胁和治理措施

僵尸网络是指控制者通过传播恶意代码感染、控制与互联网相连接的计算机,从而形成的控制者和大量被感染主机之间的一个可一对多控制的网络。它可以控制大量僵尸主机实现分布式拒绝服务攻击、垃圾邮件发送、信息窃取等攻击目的。僵尸网络成为目前互联网发展的严重威胁,需要从法规条例、技术研究与实践、宣传教育、国际合作等方面加强对僵尸网络的治理,保证互联网的健康发展。     

ICT新词

〉〉Botnet僵尸网络 僵尸网络（botnet）是由传统恶意代码形态,如计算机病毒、木马以及后门工具等发展而来的新型攻击方式,它为攻击者提供了一个全新的攻击平台。     

2021年7月黑龙江省公共互联网安全监测报告

2021年7月,全省互联网基础设施运行总体平稳,骨干网各项监测指标正常.木马僵尸网络、蠕虫病毒、web攻击等是全省重要信息系统和互联网用户面临的最主要的网络安全威胁.本月全省感染木马、僵尸程序主机总数有所下降,被利用作为控制端主机数量较上月有所下降,感染蠕虫病毒主机数量较上月有所下降,受web攻击主机数量较上月有所下降.本月全省感染木马或僵尸网络病毒的主机IP数量为16019个; 被利用作为木马或僵尸网络控制端服务器的IP数量为3685个;感染蠕虫病毒的主机IP数量为274个;遭受web攻击的主机IP数量为2794个; 全省被利用作为web攻击的IP数量为5743个.     

2021年3月黑龙江省公共互联网安全监测报告

2021年3月,黑龙江省互联网基础设施运行总体平稳,骨干网各项监测指标正常.木马僵尸网络、蠕虫病毒、web攻击等是重要信息系统和互联网用户面临的最主要的网络安全威胁.本月我省感染木马、僵尸程序主机总数上升明显,被利用作为控制端主机数量较上月有所上升,感染蠕虫病毒主机数量较上月有所上升,受web攻击主机数量较上月有所上升.本月我省感染木马或僵尸网络病毒的主机IP数量为18903个; 被利用作为木马或僵尸网络控制端服务器的IP数量为3864个;感染蠕虫病毒的主机IP数量为395个;遭受web攻击的主机IP数量为3782个; 我省被利用作为web攻击的IP数量为11331个.     

Web安全问答（4）

问：什么叫僵尸网络答：僵尸网络（英文名称叫BotNct）。是互联网上受到黑客集中控制的一群计算机,往往被黑客用来发起大规模的网络攻击,如分布式拒绝服务攻击（DDoS）、海量垃圾邮件等,同时黑客控制的这些计算机所保存的信息也都可被黑客随意“取用”。因此,不论是对网络安全运行还是用户数据安全的保护来说,僵尸网络都是极具威胁的隐患。然而,发现一个僵尸网络是非常困难的,因为黑客通常远程、隐蔽地控制分散在网络上的“僵尸主机”,这些主机的用户往往并不知情。因此,僵尸网络是目前互联网上黑客最青睐的作案工具。     

Web安全问答（3）

问：什么叫僵尸网络答：僵尸网络（英文名称叫BotNet）,是互联网上受到黑客集中控制的一群计算机,往往被黑客用来发起大规模的网络攻击,如分布式拒绝服务攻击（DDoS）、海量垃圾邮件等,同时黑客控制的这些计算机所保存的信息也都可被黑客随意＂取用＂。因此,不论是对网络安全运行还是用户数据安全的保护来说,僵尸网络都是极具威胁的隐患。然而,发现一个僵尸网络是非常困难的,因为黑客通常远程、隐蔽地控制分散在网络上的＂僵尸主机＂,这些主机的用户往往并不知情。因此,僵尸网络是目前互联网上黑客最青睐的作案工具。     

僵尸网络检测方法研究

僵尸网络是指由黑客通过多种传播手段入侵并控制的主机组成的网络.僵尸网络是各种恶意软件传播和控制的主要来源,检测僵尸网络对于网络安全非常重要.本文首先介绍了僵尸网络的结构,着重对僵尸网络的命令与控制信道进行了讨论,接着详细介绍了基于主机信息的、基于流量监测的和基于对等网络的僵尸网络检测方法,并进行了比较和讨论.     

僵尸网络的演变与防御

本文简述了僵尸网络的定义,演变和最新的增长趋势,指出了其主要危害方式和影响。指出分层的防御是对应僵尸网络威胁的主要方式,并介绍了迈克菲研究室的最新研究成果——通过漏洞阻断、云安全和行为分析的模式对于僵尸网络在网络中的传播进行阻断。为僵尸网络的防御提供了有益的参考建议。     

基于P2P的僵尸网络及其防御

 僵尸网络作为网络犯罪活动的平台,正朝着P2P等分布式结构发展.研究僵尸网络的发展方向以及构建技术,有助于我们全面地了解僵尸网络活动的特点,从而更好地开展僵尸网络的检测和防范研究.本文分析了攻击者的需求,提出了一种基于层次化P2P网络技术的新型僵尸网络结构,并对这种僵尸网络的可行性和具体的传播、通讯、控制等各个方面进行了深入分析和探讨.在此基础上,我们通过模拟实验对各种防御策略的有效性进行了分析和评估,实验数据表明,在考虑实际可操作性条件下,现有的防御策略难以有效摧毁P2P结构僵尸网络.最后,我们讨论了这种新型僵尸网络可能的防御方法.     

Defending against phishing attacks: taxonomy of methods,current issues and future directions

Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people’s lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is “phishing”, in which, attackers attempt to steal the user’s credentials using fake emails or websites or both. It is true that both industry and academia are working hard to develop solutions to combat against phishing threats. It is therefore very important that organisations to pay attention to end-user awareness in phishing threat prevention. Therefore, aim of our paper is twofold. First, we will discuss the history of phishing attacks and the attackers’ motivation in details. Then, we will provide taxonomy of various types of phishing attacks. Second, we will provide taxonomy of various solutions proposed in literature to protect users from phishing based on the attacks identified in our taxonomy. Moreover, we have also discussed impact of phishing attacks in Internet of Things (IoTs). We conclude our paper discussing various issues and challenges that still exist in the literature, which are important to fight against with phishing threats.     

Improving office productivity: A technology perspective

There is a perception these days that office workers are not as productive as they should be. Whether or not this is the case, the emerging office technology provides great potential to improve office productivity by introducing specific, computerized support tools to aid office workers. In this paper, we look at ways in which office workers can be better supported by providing computer-based tools that allow them to more easily access and process computerised data, to better understand their work environment and help computerize it, and to assist them in managing their time and peforming their office tasks more effectively. Our view is that the greatest productivity gains will be realized by better supporting office workers, rather than trying to displace them.     

A Novel Approach for Redirecting Module in Honeypot Systems

1 Introduction Computer network security has been focus on passivedefense strategies usingtools and conceptslike Firewall ,Intrusion Detection System(IDS)[1 ~3]. This is an un-reasonable situation,because users have to protect com-puter systems perfectly, while hackers can use one ofvulnerabilities to attackthe systems . We are alwaysin apassive position.The bad guys have theinitiative .Theyhave unli mited resources and attack you whenever theywant , however they want . Moreover ,in a trad…     

Honeypot及其安全增强技术研究

蜜罐(Honeypot)是一种主动防御的网络安全技术,可以吸引入侵者的攻击,保护工作网络免于攻击,而且能监视和跟踪入侵者的行为并以日志形式记录下来进行分析,从而学习入侵者的工具、策略和方法.文中介绍了蜜罐技术的基本理论,分析了蜜罐系统的工作原理,设计了一种基于主机的蜜罐系统,讨论了其基本结构和工作流程,然后着重分析了系统可能面临的安全威胁与防御对策,并在总体上给出了系统的安全增强方案.     

Intrusion detection in wireless ad hoc networks

Intrusion detection has, over the last few years, assumed paramount importance within the broad realm of network security, more so in the case of wireless ad hoc networks. These are networks that do not have an underlying infrastructure; the network topology is constantly changing. The inherently vulnerable characteristics of wireless ad hoc networks make them susceptible to attacks, and it may be too late before any counter action can take effect. Second, with so much advancement in hacking, if attackers try hard enough they will eventually succeed in infiltrating the system. This makes it important to constantly (or at least periodically) monitor what is taking place on a system and look for suspicious behavior. Intrusion detection systems (IDSs) do just that: monitor audit data, look for intrusions to the system, and initiate a proper response (e.g., email the systems administrator, start an automatic retaliation). As such, there is a need to complement traditional security mechanisms with efficient intrusion detection and response. In this article we present a survey on the work that has been done in the area of intrusion detection in mobile ad hoc networks.     

Concurrent multipath traffic impersonating for enhancing communication privacy

Network communication traditionally only uses encryption techniques for privacy and a single path for routing, which makes the communication vulnerable to attackers. Attackers easily obtain much important information by eavesdropping on the path and analyzing the communication traffic. To overcome the problem, we propose concurrent multipath traffic impersonating (CMTI), which obscures traffic features by camouflaging the traffic flow and dividing it into multiple parts. We propose a traffic impersonating technique based on statistical simulation, which make the secret traffic look like another normal and inconspicuous class to deceive attackers. And we present the packet scheduling algorithm to transfer the impersonating flows on multipath, for enhancing the communication efficiency and further increasing significantly the cost inflicted on attackers who wish to eavesdrop communication sessions. The empirical analysis demonstrates that concurrent multipath traffic imitating can effectively thwart traffic analysis and enhance communication efficiency. Copyright © 2013 John Wiley & Sons, Ltd.