
Research and Implementation of P2P Botnet Detection Technology

Published: 2018-10-26 10:46

[Abstract]: A P2P botnet is a network of malicious programs that pass commands to one another through direct interaction and can both initiate and respond to requests. This thesis studies P2P botnet detection: by discovering the network communication topology of a P2P botnet's command-and-control relationships and applying a community discovery algorithm to detect the likely P2P botnet nodes in a network, it can provide valuable information for attacking, defending against and making use of P2P botnets. The thesis designs and implements a prototype system. The main work is as follows:

1. It analyzes the state of P2P botnet research in China and abroad and points out a problem with current work: existing P2P botnet detection techniques are mainly used to detect whether a bot process exists or whether traffic is botnet traffic, and do not detect based on the command-and-control relationships between botnet nodes.
2. It gives a solution for detecting P2P botnets. It clarifies the concepts related to P2P botnet structure and, in light of the project requirements, gives the typical features of P2P botnets, which the detection algorithm then uses.
3. It gives a P2P botnet detection algorithm that extracts the input network datagrams into network flows, filters the data, determines the command-and-control flows (which correspond to command-and-control relationships), derives the command-and-control communication topology, and finally detects the botnet with a community discovery algorithm. The thesis describes the principle of each algorithm in detail and analyzes its characteristics and time complexity.
4. It designs and implements a prototype P2P botnet detection system. Experiments and analysis of the results show that the proposed community-discovery-based detection algorithm can detect P2P botnets with a high hit rate.
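[Degree-granting institution]: Beijing University of Aeronautics and Astronautics (Beihang University)
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08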


Article link: http://sikaile.net/guanlilunwen/ydhl/2295464.html

