Design and Implementation of a Controllable Botnet on the Android Platform
Published: 2019-01-03 16:56
[Abstract]: As the hardware performance and market share of Android phones continue to rise, more and more hackers are turning their attention to Android phones. Reports on mobile-terminal security problems are now commonplace and have drawn wide attention from researchers. This thesis studies in depth a controllable botnet based on the Android platform in order to understand how bot programs are implemented and how they operate, explores control strategies for various kinds of botnets, and provides an attack platform for Android phone security protection software. The thesis achieves controllability of the system through three strategies: establishing an independent, isolated experimental environment, encrypting communication data, and automatic self-destruction of the bot program, ensuring that the system is safe and harmless. Through the study and analysis of existing malicious code, the thesis completes two modules, the carrier application and the bot program; the bot program is hidden by means of code obfuscation inside a course management system that serves as the carrier application. The bot program has five functions: obtaining user information, sending SMS messages in the background, placing phone calls in the background, launching DDoS attacks against a specified IP, and data processing. The data processing module contains two sub-modules: user information upload and control command parsing. The thesis uses a web server as the control end of the controllable Android botnet, adopts Tornado, which supports asynchronous interactive access, as the server framework, and implements three modules: information display and command publishing, database design, and communication control. The information display and command publishing module is used for controller login, display of controlled phones' information, and visual command publishing. The database module uses MongoDB to store user information and control commands in JSON format. The communication control module publishes control commands by improving the HTTP-based polling mechanism. Test results show that every functional module of both the Android phone side and the web control side runs stably, and that controlled phones can execute the relevant functions according to control commands; the carrier application containing the bot program also showed good performance in performance tests on various versions of Android phones; in a real environment the system also runs normally and achieves the expected results.
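[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2399646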
Link to this article: https://www.wllwen.com/guanlilunwen/ydhl/2399646.html