Research and Implementation of a Botnet Attack Simulation Platform

Published: 2018-08-14 18:50
[Abstract]: A botnet is a new type of attack network made up of a large number of zombie nodes. Each zombie node is a host infected by a bot program (Bot), and together they form a network in which a controller can exercise one-to-many control over the zombie hosts. Botnets are already a major threat to security worldwide; the Stuxnet incident, which disrupted Iran's nuclear program, and the Snowden incident have sounded the alarm for governments around the world. To respond better to the botnet threat, botnet attacks need to be simulated continually so that better countermeasures to curb their development can be proposed. To better understand how botnet attacks work, this thesis first studies the working models of IRC, HTTP and P2P botnets and selects three typical botnets, Sdbot, Torpig and Phatbot, one from each model, for a detailed analysis of their mechanisms. Second, it designs a botnet attack simulation platform based on the HTTP protocol, covering requirements analysis, workflow design, functional structure design and database design. Finally, the platform is implemented. For communication, the control end and the controlled end use Socket communication; to fit the working mode of an HTTP botnet, each controlled end uses a reverse connection and polls the control end every 20 seconds to check whether a control command has been sent. On the control end, the platform uses Apache + MySQL + PHP and defines the control instructions for each zombie node. On the controlled end, drawing on the Windows message mechanism, API functions and the registry, the platform implements five attack modules in C++: information theft, screen capture, web page spoofing, malware recommendation and system operation. Lastly, the whole attack simulation platform is tested: the control end and the controlled end communicate normally, and the attack functions of the controlled end meet the expected goals.
[Degree-granting institution]: Southwest Jiaotong University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08; TP311.52


Article ID: 2183792


Link to this article: http://sikaile.net/guanlilunwen/ydhl/2183792.html

