Computer Science ›› 2018, Vol. 45 ›› Issue (7): 135-138. doi: 10.11896/j.issn.1002-137X.2018.07.022

• Information Security •

Modeling and Analysis of Botnet with Heterogeneous Infection Rate

NIU Wei-na¹,², ZHANG Xiao-song¹,², YANG Guo-wu¹, ZHUO Zhong-liu¹, LU Jia-zhong¹

  1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China;
  2. Center for Cyber Security, University of Electronic Science and Technology of China, Chengdu 611731, China
  • Received: 2017-05-22 Online: 2018-07-30 Published: 2018-07-30
  • About the authors: NIU Wei-na (born 1990), female, Ph.D. candidate; main research interests: network attack modeling and detection; E-mail: niuweina1@126.com. ZHANG Xiao-song (born 1968), male, Ph.D., professor; main research interests: network security and data security; E-mail: johnsonzxs@uestc.edu.cn (corresponding author). YANG Guo-wu (born 1966), male, Ph.D., professor; main research interests: model checking and machine learning. ZHUO Zhong-liu (born 1990), male, Ph.D. candidate; main research interest: network attack detection. LU Jia-zhong (born 1988), male, Ph.D. candidate; main research interest: network attack detection.
  • Supported by:
    This work was supported by the General Program of the National Natural Science Foundation of China (61572115) and the Major Basic Research Project of Sichuan Province (2016JY0007).

Abstract: Botnets, as a common attack platform, use current advanced anonymous-network and malicious-code techniques to provide a large pool of effective resources for APT attacks. To effectively control large-scale botnet outbreaks, it is necessary to study how botnets are constructed. Because different regions of a botnet have different infection rates during propagation, this work proposes a botnet propagation model with heterogeneous infection rates, built on the disease propagation model. First, by analyzing the steady-state characteristics of the botnet, the mean-field approach is used to study its propagation characteristics from a dynamics point of view. Then, simulation experiments on a BA network explore how the heterogeneous infection rate affects the botnet propagation threshold. The experimental results show that the proposed model is more realistic, and that the relationship between the bot propagation threshold and the heterogeneous infection rate is independent of the number of nodes.

Key words: Botnet, Disease propagation models, Dynamics, Heterogeneous infection rates, Mean-field approach

CLC Number:

  • TP309.5