僵尸网络研究

僵尸网络是一种从传统恶意代码形态进化而来的新型攻击方式,为攻击者提供了隐匿、灵活且高效的一对多命令与控制机制,可以控制大量僵尸主机实现信息窃取、分布式拒绝服务攻击和垃圾邮件发送等攻击目的.僵尸网络正步入快速发展期,对因特网安全已造成严重威胁,对中国大陆造成的危害尤为严重.介绍了僵尸网络的演化过程和基本定义,深入剖析了僵尸网络的功能结构与工作机制,讨论了僵尸网络的命令与控制机制和传播模型,并归纳总结了目前跟踪、检测和防御僵尸网络的最新研究成果,最后探讨了僵尸网络的发展趋势和进一步的研究方向.

Research and Development of Botnets

Botnet is a novel attack strategy evolved from traditional malware forms; it provides the attackers stealthy, flexible and efficient one-to-many Command and Control mechanisms, which can be used to order an army of zombies to achieve the goals including information theft, launching distributed denial of service, and sending spam. Botnet has stepped into the expanding phase, and has been a serious threat to Internet security, especially in China mainland. In this paper, the evolution process, concept, functional structure and execution mechanism of botnet are presented, the Command and Control mechanisms and propagation model are discussed, and the latest techniques on botnet tracking, detection and prevention are reviewed. The developing trends of botnet and further topics in this area are also analyzed.