
Tree Botnet and design of Botnet detecting program based on feature

Cited by: 1
Abstract: Botnets are currently one of the most serious threats to Internet security. Compared with traditional IRC botnets, tree botnets are relatively simple to implement, and they have therefore begun to spread rapidly across the network. This article briefly introduces the defense methods used against traditional botnets and presents the network topology of a tree botnet with single-level control. On that basis it proposes a detection scheme for tree botnets, covering the design approach and the construction of the rule library, and states the innovations of the scheme. Facts have proved that the scheme is effective in accurately locating a botnet and finding the controller behind it.
Source: Journal of Tianjin University of Technology (《天津理工大学学报》), 2009, No. 4, pp. 56-59, 4 pages in total
Keywords: tree botnet; feature detection; honeypot technology; packet capture; rule library