蜜罐先知型半分布式P2P Botnet的构建及检测方法

计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (7): 89-92.

蜜罐先知型半分布式P2P Botnet的构建及检测方法

谢静1，谭良1，2，3，周明天3

1.四川师范大学计算机学院，成都 610068
2.中国科学院计算技术研究所，北京 100081
3.电子科技大学计算机科学与工程学院，成都 610054

收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-03-01 发布日期:2011-03-01

Construction and detection method of honeypot-prescient semi-distributed Peer-to-Peer Botnet

XIE Jing1，TAN Liang1，2，3，ZHOU Mingtian3

1.College of Computer，Sichuan Normal University，Chengdu 610068，China
2.Institute of Computing Technology，Chinese Academy of Sciences，Beijing 100081，China
3.School of Computer Science and Engineering，University of Electronic Science and Technology of China，Chengdu 610054，China

Received:1900-01-01 Revised:1900-01-01 Online:2011-03-01 Published:2011-03-01

摘要/Abstract

摘要： 蜜罐技术在僵尸网络（botnet）的防御和检测中扮演着重要的角色。攻击者可能会利用已有的基于蜜罐防御技术的漏洞，即防御者配置蜜罐要担当一定的责任，不允许蜜罐参与真实的攻击，进而构建出可以躲避蜜罐的botnet。针对这一问题，提出了攻击者利用认证sensor组建的蜜罐先知型半分布式P2P botnet，针对此类botnet，提出了用高交互性蜜罐和低交互性蜜罐相结合的双重蜜罐检测技术，并与传统蜜罐技术做了比较。理论分析表明，该检测方法能够有效地弥补蜜罐防御技术的漏洞，提高了蜜罐先知型半分布式P2P botnet的检出率。

关键词: 半分布式P2P botnet, 蜜罐先知, 双重蜜罐, 检测模型

Abstract: The honeypot technology plays an important role in detecting and defending botnet.The existing honeypot technologies have a serious vulnerability，that is the defender has the responsibility to prevent honeypot from attacking in configuring.An attacker may make use of the sensor authenticators to build a botnet which can avoid the honeypot.For such botnet，the proposed honeypot-prescient Semi-Distributed P2P botnet has been given.A double-honeypot detection method has been presented，which combines highly interactive honeypot with low-interaction honeypot to detect this botnet，this method has been analysed compared with traditional honeypot technology.The experiment result shows that the detection method can effectively close the vulnerability of honeypot defense technology，and improve the detection rate of honeypot-prescient Semi-Distributed P2P botnet.

Key words: semi-distributed P2P botnet, honeypot-prescient, double-honeypot, detecting model

谢静1，谭良1，2，3，周明天3. 蜜罐先知型半分布式P2P Botnet的构建及检测方法[J]. 计算机工程与应用, 2011, 47(7): 89-92.

XIE Jing1，TAN Liang1，2，3，ZHOU Mingtian3. Construction and detection method of honeypot-prescient semi-distributed Peer-to-Peer Botnet[J]. Computer Engineering and Applications, 2011, 47(7): 89-92.

[1]	秦利斌，刘纯平，王朝晖，季怡. 一种改进的时空线索的视频显著目标检测方法[J]. 计算机工程与应用, 2015, 51(16): 161-165.
[2]	刘华鹏1，刘胜全1，2，刘艳1，张华楠1，李鹏1. 基于语义的Web内容安全检测模型[J]. 计算机工程与应用, 2014, 50(14): 116-120.
[3]	王亚1，2，熊焰1，龚旭东1，陆琦玮1. 基于混沌PSO算法优化RBF网络入侵检测模型[J]. 计算机工程与应用, 2013, 49(10): 84-87.