  • YIN Jie, CUI Xiang, FANG Binxing, YI Longhao, ZHANG Fangjiao. A Pollution-resilient Hybrid P2P Botnet [J]. 信息安全学报, 2018, 3(1): 68-82
  • YIN Jie, CUI Xiang, FANG Binxing, YI Longhao, ZHANG Fangjiao. A Pollution-resilient Hybrid P2P Botnet [J]. Journal of Cyber Security, 2018, 3(1): 68-82
YIN Jie 1,2, CUI Xiang 1,3, FANG Binxing 3,4, YI Longhao 1,2, ZHANG Fangjiao 1,2
(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; 3. Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; 4. Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan, Guangdong 523808, China)
Peer-list-based hybrid P2P botnets represent an advanced class of botnet. Their advantage is that they resist the Index Poisoning and Sybil attacks to which traditional P2P botnets are susceptible; however, they introduce a new weakness: susceptibility to Peer-list pollution attacks. This paper proposes a novel hybrid P2P botnet design model that introduces a reputation mechanism throughout the entire lifecycle of botnet construction and Peer-list updating, so that Peer-list pollution attacks have little effect. Experiments show that the model has strong pollution resistance and high robustness, and it therefore poses a new threat to network security defense. Finally, we propose several feasible defense methods. This paper aims to increase defenders' understanding of advanced botnets in order to promote more effective network defense.
Keywords: P2P botnet; Hybrid botnet; Peer-list; Pollution attack
A Pollution-resilient Hybrid P2P Botnet
YIN Jie 1,2, CUI Xiang 1,3, FANG Binxing 3,4, YI Longhao 1,2, ZHANG Fangjiao 1,2
(1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; 2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; 3. Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; 4. Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan, Guangdong 523808, China)
Peer-list-exchanging hybrid P2P botnets, which are naturally robust in their topology and immune to Index Poisoning and Sybil attacks, represent one of the most sophisticated botnet forms. However, such botnets are generally vulnerable to Peer-list pollution attacks. In this paper, we present a novel hybrid botnet design that aims to verify the possibility of developing a pollution-resilient hybrid P2P botnet. The proposed botnet introduces a reputation-based mechanism into the whole lifecycle of Peer-list construction and updating, making pollution attacks extremely difficult even when thousands of coordinated polluters act simultaneously. We evaluated the proposed botnet under mitigation conditions, and the experimental results show that such an advanced botnet is feasible, consequently posing a great challenge to security defenders. Finally, we suggest some possible countermeasures against such an advanced botnet. The ultimate goal of our work is to increase the understanding of emerging advanced botnets, which will promote the development of more efficient countermeasures.
Key words: P2P botnet; Hybrid botnet; Peer-list; Pollution attack