共查询到18条相似文献,搜索用时 62 毫秒
1.
2.
跟踪僵尸网络 总被引:1,自引:0,他引:1
刘冬梅 《信息技术与信息化》2006,(6):47-49
密罐是一种用采发现攻击工具、攻击策略与攻击者攻击动机的技术。在本文中,我们考虑一种特殊的安全威胁:运行僵尸网络的个人与组织。僵尸网络是一个可以由攻击者远程控制的已被攻陷主机组成的网络。由于它们数量巨大(可以把几万台主机连接在一起),因此对网络构成了极其严重的威胁。在蜜网的帮助下,我们可以观察运行僵尸网络。由于记录数据的丰富性,这使得重构攻击者的行动、使用的工具和详细地研究他们成为了可能。这里,我们对僵尸网络、普遍的攻击技术做更进一步的介绍。 相似文献
3.
4.
基于P2P的僵尸网络及其防御 总被引:6,自引:1,他引:6
僵尸网络作为网络犯罪活动的平台,正朝着P2P等分布式结构发展.研究僵尸网络的发展方向以及构建技术,有助于我们全面地了解僵尸网络活动的特点,从而更好地开展僵尸网络的检测和防范研究.本文分析了攻击者的需求,提出了一种基于层次化P2P网络技术的新型僵尸网络结构,并对这种僵尸网络的可行性和具体的传播、通讯、控制等各个方面进行了深入分析和探讨.在此基础上,我们通过模拟实验对各种防御策略的有效性进行了分析和评估,实验数据表明,在考虑实际可操作性条件下,现有的防御策略难以有效摧毁P2P结构僵尸网络.最后,我们讨论了这种新型僵尸网络可能的防御方法. 相似文献
5.
董宁 《电信工程技术与标准化》2015,(4)
僵尸网络日益猖獗。其危害从终端用户到国家,甚至军方与政府也不断遭受着僵尸网络的攻击。越来越多与僵尸网络密切相关的词汇进入人们的视线:恶意软件、身份财务信息盗取、恶意广告弹窗、垃圾邮件、网络钓鱼。WLAN作为公共使用的网络环境,能够从源头入手处理僵尸网络获得良好效果,因此本文从网络结构开始,对时下最难防护与处理的P2P网络进行分析,并提供在WLAN环境下实际可行的处理机制。 相似文献
6.
7.
董宁 《电信工程技术与标准化》2015,28(4):85-89
WLAN作为公共使用的网络环境,能够从源头入手处理僵尸网络获得良好效果,因此本文从网络结构开始,对时下最难防护与处理的P2P网络进行分析,并提供在WLAN环境下实际可行的处理机制. 相似文献
8.
随着各种新型技术的融入,拒绝服务(DoS)攻击已日益成为互联网上主要、多发、低成本、高危害性的安全威胁.文章介绍一系列现实中发生的攻击事件,通过分析分布式、僵尸网络,尤其是对等网络(P2P)技术的融入为DoS攻击带来的两次技术演进,探究目前常规DoS攻击的技术原理和发展趋势,为实施针对性的防御手段提供帮助. 相似文献
9.
僵尸网络是目前互联网安全最严重的威胁之一.与IRC僵尸网络比,基于P2P协议控制的僵尸网络具有更强的安全性、鲁棒性和隐蔽性.文章介绍了典型P2P僵尸网络的工作原理,对其对等点发现机制进行了分类,分析了每类机制的弱点,在此基础上给出了相应的僵尸网络检测方法. 相似文献
10.
11.
12.
13.
Jie He Yuexiang Yang Xiaolei Wang Zhiguo Tan 《International Journal of Network Management》2017,27(5)
Peer‐to‐peer (P2P) botnets have become one of the major threats to network security. Most existing botnet detection systems detect bots by examining network traffic. Unfortunately, the traffic volumes typical of current high‐speed Internet Service Provider and enterprise networks are challenging for these network‐based systems, which perform computationally complex analyses. In this paper, we propose an adaptive traffic sampling system that aims to effectively reduce the volume of traffic that P2P botnet detectors need to process while not degrading their detection accuracy. Our system first identifies a small number of potential P2P bots in high‐speed networks as soon as possible, and then samples as many botnet‐related packets as possible with a predefined target sampling rate. The sampled traffic then can be delivered to fine‐grained detectors for further in‐depth analysis. We evaluate our system using traffic datasets of real‐world and popular P2P botnets. The experiments demonstrate that our system can identify potential P2P bots quickly and accurately with few false positives and greatly increase the proportion of botnet‐related packets in the sampled packets while maintain the high detection accuracy of the fine‐grained detectors. 相似文献
14.
15.
Fateme Faraji Daneshgar Maghsoud Abbaspour 《International Journal of Communication Systems》2019,32(13)
Botnet is a distributed platform for illegal activities severely threaten the security of the Internet. Fortunately, although their complicated nature, bots leave some footprints during the C&C communication that have been utilized by security researchers to design detection mechanisms. Nevertheless, botnet designers are always trying to evade detection systems by leveraging the legitimate P2P protocol as C&C channel or even mimicking legitimate peer‐to‐peer (P2P) behavior. Consequently, detecting P2P botnet in the presence of normal P2P traffic is one of the most challenging issues in network security. However, the resilience of P2P botnet detection systems in the presence of normal P2P traffic is not investigated in most proposed schemes. In this paper, we focused on the footprint as the most essential part of a detection system and presented a taxonomy of footprints utilized in behavioral P2P botnet detection systems. Then, the resilience of mentioned footprints is analyzed using three evaluation scenarios. Our experimental and analytical investigations indicated that the most P2P botnet footprints are not resilient to the presence of legitimate P2P traffic and there is a pressing need to introduce more resilient footprints. 相似文献
16.
17.