
Research and Implementation of a Botnet Attack Simulation Platform

Published: 2018-08-14 18:50
[Abstract]: A botnet is a new type of attack network made up of a large number of bot nodes. Each bot node is a host infected by a bot program (Bot), and together they form a network between the controller and the bot hosts that allows one-to-many control. Botnets are already a major threat to security worldwide; the Stuxnet incident, which sabotaged Iran's nuclear program, and the Snowden incident have sounded the alarm for governments around the world. To respond better to the botnet threat, botnet attacks need to be simulated continually so that better countermeasures to curb their development can be proposed.

To better understand how botnet attacks work, this thesis first studies the working models of IRC, HTTP and P2P botnets, and selects three typical botnets, Sdbot, Torpig and Phatbot, one from each, for detailed analysis of their mechanisms. Second, it designs a botnet attack simulation platform based on the HTTP protocol, covering requirements analysis, workflow design, functional structure design and database design. Finally, the botnet attack simulation platform is implemented. For communication, the control end and the controlled end use Socket communication; to fit the working mode of an HTTP botnet, each controlled end uses reverse connection and polls the bot control end every 20 seconds to check whether a control command has been sent. On the control end, the platform uses Apache+MySQL+PHP, and control instructions for controlling each bot node are designed. On the controlled end, based on a study of the Windows operating system message mechanism, API functions and the registry, the platform implements five attack modules in C++: information theft, screen capture, web page spoofing, malware recommendation and system operation. Lastly, the whole attack simulation platform is tested: the control end and the controlled end communicate normally, and the attack functions of the controlled end meet the intended goals.
[Degree-granting institution]: Southwest Jiaotong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08;TP311.52


Article ID: 2183792


Link to this article: http://www.sikaile.net/guanlilunwen/ydhl/2183792.html

