| 僵尸网络C&C机制模拟测评系统 |
| |
| 引用本文: | 朱俊虎,李鹤帅,邱菡,张勇.僵尸网络C&C机制模拟测评系统[J].信息工程大学学报,2013,14(6):748-754. |
| |
| 作者姓名: | 朱俊虎 李鹤帅 邱菡 张勇 |
| |
| 作者单位: | 1.数学工程与先进计算国家重点实验室,河南 郑州 450001;2.防空兵学院,河南 郑州 450052 |
| |
| 摘 要: | 僵尸网络的核心是C&C机制,对C&C机制的测试评估是僵尸网络防御研究的重点.现有的理论推导、逆向工程分析等测评方式对僵尸网络C&C机制的研究不够全面、可信度不高.为解决上述问题,文章提出了一套僵尸网络C&C机制模拟测评方案,通过构建基于虚拟化的可重构模拟测评网络,在测评网络中部署良性僵尸网络并进行C&C机制的测评,设计并实现了一个可满足较大规模僵尸网络C&C机制评价的测评系统,并对两种典型C&C机制的僵尸网络进行了测评,实验结果证明系统可达到预期的设计要求.
|
| 关 键 词: | 僵尸网络 C&C机制 指标体系 测评网络 评价 |
Botnet C&C Testing and Evaluation System Based on Emulation |
| |
| ZHU Jun-hu LI He-shuai,QIU Han,ZHANG Yong.Botnet C&C Testing and Evaluation System Based on Emulation[J].Journal of Information Engineering University,2013,14(6):748-754. |
| |
| Authors: | ZHU Jun-hu LI He-shuai QIU Han ZHANG Yong |
| |
| Affiliation: | 1.Nation Digital Switching System Engineering Technological R & D Center, Zhengzhou 450001, China;2.Defense Forces Academy, Zhengzhou 450052, China |
| |
| Abstract: | C&C mechanism, as the core of botnet, is the focus of botnet defense studies. However, existing research modes, such as theoretical analysis, reverse engineering, are not comprehensive and dependable enough. To solve this problem, this paper establishes an emulation method for evaluating botnet C&C mechanisms and builds an evaluation system for large scale botnet C&C mechanism evaluation. It sets up virtualized reconfigurable emulation evaluation network, deploys benign botnet, evaluates its C&C mechanism in the evaluation network, and then gets a dependable verdict. Based on the above research results, a prototype system is designed and built, and two typical C&C mechanisms are evaluated. Experimental results show that the system can achieve the desired design requirements. |
| |
| Keywords: | botnet C&C mechanism guide system evaluation network evaluation |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载全文 |
|
