基于动态IP地址去重的IRC僵尸网络大小度量

J4 ›› 2012, Vol. 34 ›› Issue (9): 1-7.

• 论文 • 下一篇

基于动态IP地址去重的IRC僵尸网络大小度量

李润恒，甘亮，贾焰，李爱平，杨树强

(国防科学技术大学计算机学院，湖南长沙 410073)

收稿日期:2010-08-05 修回日期:2010-11-21 出版日期:2012-09-25 发布日期:2012-09-25
基金资助:
国家863高技术研究发展计划资助项目(2007AA010502，2007AA01Z474)

IRC Botnets’ Size Measure Based on Duplicated Removal of Dynamic IP

LI Runheng，GAN Liang，JIA Yan，LI Aiping,YANG Shuqiang

(School of Computer Science,National University of Defense Technology,Changsha 410073,China)

Received:2010-08-05 Revised:2010-11-21 Online:2012-09-25 Published:2012-09-25

摘要/Abstract

摘要：

IRC僵尸网络是攻击者通过IRC服务器构建命令与控制信道方式来控制大量主机组成的网络。IRC僵尸网络的动态性以及动态IP地址的影响，给僵尸网络的大小度量带来很大的困难。本文采用基于概率的动态IP地址去重算法减小动态IP地址的影响，给出僵尸网络大小尽量准确的度量，实验验证了本文方法的有效性。

关键词: 僵尸网络, 去重, 动态IP, 大小度量

Abstract:

IRC botnet can be regarded as a collection of compromised computers under the commandandcontrol infrastructure constructed by the IRC server. Since both the botnet and the IP are dynamic, the measure of botnet’s size is difficult. The paper removes the duplicated and dynamic IP to estimate the size of the botnet. Experiments are carried out for validation purposes.

Key words: botnet;duplicated removal;dynamic IP;size measure

李润恒，甘亮，贾焰，李爱平，杨树强. 基于动态IP地址去重的IRC僵尸网络大小度量[J]. J4, 2012, 34(9): 1-7.

LI Runheng，GAN Liang，JIA Yan，LI Aiping,YANG Shuqiang. IRC Botnets’ Size Measure Based on Duplicated Removal of Dynamic IP[J]. J4, 2012, 34(9): 1-7.

参考文献

［1］拒绝服务攻击详解之基础篇［EB/OL］.［20100508］.SKY_Server,http://wenku.baidu.com/view/b2544d37ee06eff9aef 80797.html.
［2］Xie Y, Yu F, Achan K, et al. How Dynamic are IP Addresses?［J］. ACM SIGCOMM Computer Communication Review, 2007,37(4):301312.
［3］李润恒, 王明华, 贾焰. 基于通讯特征提取和IP聚集的僵尸网络相似性度量模型［J］. 计算机学报, 2010,33(1):4554.
［4］Freiling F C, Holz T, Wicherski G. Botnet Tracking: Exploring a RootCause Methodology to Prevent Distributed DenialofService Attacks［J］. Lecture Notes in Computer Science, 2005,3679:319335.
［5］Rajab A.A Multifaceted Approach to Understanding the Botnet Phenomenon［C］∥Proc of the 6th ACM Internet Measurement Conference, 2006:4152.
［6］Dagon D, Zou C, Lee W. Modeling Botnet Propagation Using Time Zones［C］∥Proc of the 13th Annual Network and Distributed System Security Symp, 2006.
［7］Fabian M, Terzis M A. My Botnet is Bigger Than Yours (Maybe, Better Than Yours): Why Size Estimates Remain Challenging［C］∥Proc of the 1st Workshop on Hot Topics in Understanding Botnets, 2007:5.
［8］Dagon D, Gu G, Lee C, et al. A Taxonomy of Botnet Structures［C］∥Proc of the 23rd Annual Computer Security Applications Conference,2007:325339.
［9］Li Z, Hu J, Hu Z, et al. Measuring the Botnet Using the Second Character of Bots［J］. Journal of Networks, 2010,5(1):98105.
［10］Zhuang L, Dunagan J, Simon D R, et al. Characterizing Botnets from Email Spam Records［C］∥Proc of the 1st Vsenix Workshop on LargeScale Exploits and Emergent Threats,2008.
［11］国家计算机网络应急技术处理协调中心(CNCERT/CC)全国网络与信息技术培训项目管理中心(NTCMC).网络安全应急实践指南［M］.北京：电子工业出版社, 2008.
［12］Chen Y. IRCBased Botnet Detection on HighSpeed Routers［C］∥Proc of the ARODARPADHS Special Workshop on Botnets Arlington,2006:235249.

[1]	顾涛涛, 卢帅兵, 李响, 况晓辉, 赵刚. 并行模糊测试综述[J]. 计算机工程与科学, 2022, 44(06): 1046-1055.
[2]	周玉坤1,2,冯丹1,2,夏文1,2,付忞1,2. 面向数据去重的基于二次哈希的收敛加密策略[J]. 计算机工程与科学, 2016, 38(09): 1755-1762.
[3]	王海龙1,2，唐勇2，龚正虎2. 僵尸网络命令与控制信道的特征提取模型研究[J]. J4, 2013, 35(2): 62-67.

基于动态IP地址去重的IRC僵尸网络大小度量

IRC Botnets’ Size Measure Based on Duplicated Removal of Dynamic IP

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 3

编辑推荐

Metrics

本文评价