Research and Implementation of a Botnet Attack Simulation Platform
Published: 2018-08-14 18:50
[Abstract] A botnet is a new kind of attack network made up of a large number of bot nodes, each of which is a host infected with a bot program; together they form a one-to-many control network between the controller and the bot hosts. Botnets are now a major threat to global security; the Stuxnet incident that damaged Iran's nuclear program and the Snowden affair have sounded the alarm for governments worldwide. To counter the botnet threat more effectively, botnet attacks must be simulated continually so that better countermeasures to contain their growth can be proposed. To better understand how botnet attacks work, this thesis first studies the working models of IRC, HTTP and P2P botnets and selects three representative botnets, Sdbot, Torpig and Phatbot, for detailed mechanism analysis. Second, it designs an HTTP-based botnet attack simulation platform, covering requirements analysis, workflow design, functional structure design and database design. Finally, the platform is implemented. For communication, the control end and the controlled end use socket communication; to match the working mode of HTTP botnets, each controlled end uses a reverse-connection technique, polling the bot controller every 20 seconds to check whether a control command is pending. The control end is built on Apache + MySQL + PHP and defines the control commands issued to each bot node. On the controlled end, by studying the Windows message mechanism, API functions and the registry, the platform implements five attack modules in C++: information theft, screen capture, web page spoofing, malware recommendation and system operations. Finally, the whole attack simulation platform is tested: the control end and the controlled end communicate normally, and the attack functions of the controlled end meet the intended targets.
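The abstract describes bots that poll the controller on a fixed 20-second cycle. From the defender's side, that regular cadence is the artefact to look for: a browsing user produces irregular request gaps, while a polling bot produces nearly constant ones. The following example, added here and not code from the thesis or its platform, scores each (client, host) pair in constructed proxy log lines by the coefficient of variation of its inter-request gaps; the log format, host names, and the `min_requests` and `max_cv` thresholds are assumptions.

```python
"""Detect fixed-interval HTTP polling ("beaconing") in web proxy logs.

Added example, not code from the thesis. A bot that polls its controller
every 20 seconds leaves a very regular request cadence in proxy logs; this
flags (client, host) pairs whose inter-request gaps are nearly constant.
All log lines below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: "<ISO timestamp> <client> <host> <path>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 c2.example.invalid /cmd.php
2024-01-01T10:00:20 10.0.0.5 c2.example.invalid /cmd.php
2024-01-01T10:00:40 10.0.0.5 c2.example.invalid /cmd.php
2024-01-01T10:01:00 10.0.0.5 c2.example.invalid /cmd.php
2024-01-01T10:01:20 10.0.0.5 c2.example.invalid /cmd.php
2024-01-01T10:01:41 10.0.0.5 c2.example.invalid /cmd.php
2024-01-01T10:00:03 10.0.0.5 news.example.invalid /
2024-01-01T10:00:09 10.0.0.5 news.example.invalid /story/1
2024-01-01T10:00:47 10.0.0.5 news.example.invalid /story/2
2024-01-01T10:01:02 10.0.0.5 news.example.invalid /img.png
2024-01-01T10:03:30 10.0.0.5 news.example.invalid /story/3
2024-01-01T10:00:00 10.0.0.7 c2.example.invalid /cmd.php
2024-01-01T10:00:25 10.0.0.7 c2.example.invalid /cmd.php
"""


def parse_log(text):
    """Group request timestamps by (client, host)."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _path = line.split()
        series[(client, host)].append(datetime.fromisoformat(ts))
    return series


def interval_stats(timestamps):
    """Return (request_count, mean_gap_seconds, coefficient_of_variation)
    for the gaps between sorted timestamps.

    Returns None when fewer than two gaps exist: regularity cannot be
    judged from a single interval, so such pairs are never flagged."""
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    if m == 0:  # duplicate timestamps only; no cadence to measure
        return None
    return len(ts), m, pstdev(gaps) / m


def find_beacons(text, min_requests=5, max_cv=0.1):
    """Flag (client, host) pairs with at least `min_requests` requests whose
    gap coefficient of variation is at most `max_cv`.

    Thresholds are assumptions for this example; tune them per environment.
    Returns {(client, host): mean_gap_seconds} for flagged pairs."""
    hits = {}
    for key, ts in parse_log(text).items():
        stats = interval_stats(ts)
        if stats is None:
            continue
        n, mean_gap, cv = stats
        if n >= min_requests and cv <= max_cv:
            hits[key] = round(mean_gap, 1)
    return hits


if __name__ == "__main__":
    for (client, host), period in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: polling every ~{period}s")
```

On the sample data only the 10.0.0.5 to c2.example.invalid series is flagged (six requests, gaps of 20, 20, 20, 20 and 21 seconds, so the mean gap is about 20.2 s with a coefficient of variation near 0.02); the news host has irregular gaps and the 10.0.0.7 series has too few requests to judge. Real bots often add jitter to the sleep interval, which is why the detector scores variation relative to the mean rather than requiring exact equality.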
Degree-granting institution: Southwest Jiaotong University
Degree level: Master's
Year granted: 2014
Classification numbers: TP393.08; TP311.52
Document number: 2183792
Link: https://www.wllwen.com/guanlilunwen/ydhl/2183792.html