信息安全研究 (Journal of Information Security Research), 2017, Vol. 3, Issue 7: 589-600.

• Cyber-Physical Systems (CPS) Special Topic •

僵尸网络综述 (A Survey of Botnet)

崔丽娟 (Cui Lijuan)

  1. Unit 66072 of the Chinese People's Liberation Army, Beijing 100144
  • Received: 2017-07-18 Online: 2017-07-15 Published: 2017-07-18
  • Corresponding author: 崔丽娟 (Cui Lijuan)
  • Author biography: 崔丽娟 (Cui Lijuan), engineer; main research interest is network and information security.

Abstract (translated from the Chinese): In recent years botnets have become increasingly complex and increasingly large in scale, making them one of the greatest security threats on the Internet. They are used to launch DDoS attacks, send spam, steal sensitive information, and even wage cyber-warfare. According to CNCERT monitoring, in 2013 more than 10.9 million hosts within China were controlled by more than 29,000 overseas control servers. To reduce the damage caused by botnets, security researchers have proposed a variety of detection mechanisms, and Microsoft, working with security organizations and the federal courts, has shut down several botnets. Botnets, however, keep updating their evasion techniques and adopting more covert command-and-control channels. Drawing on the Storm, Conficker, Rustock, Torpig and P2P Zeus botnets, this paper discusses botnet architecture, protocol types and evasion techniques, and surveys botnet detection techniques and new development trends.

Keywords: botnet, malicious code, command-and-control channel, detection, evasion

Abstract: In recent years, botnets have become more and more complex, and their scale is also growing. Botnets have become one of the largest Internet security threats; they have been used to launch DDoS attacks, send spam, steal sensitive information, and even launch cyber-war. According to CNCERT's monitoring data, in 2013 there were more than 10,900,000 hosts controlled by more than 29,000 overseas servers. In order to reduce the destruction caused by botnets, security researchers have proposed a variety of security detection mechanisms, and Microsoft has also cooperated with various security agencies and the federal court to shut down some botnets. But botnets constantly update their evasion techniques and use more covert command-and-control channels. This paper briefly summarizes botnet system structure, protocol types, evasion technology, detection technology, recent shutdown events, and new development trends.

Key words: botnet, malicious code, C