ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2016, Vol. 53 ›› Issue (10): 2189-2206.doi: 10.7544/issn1000-1239.2016.20160419

所属专题: 2016网络空间共享安全研究进展专题

• 信息安全 • 上一篇    下一篇



  1. 1(北京邮电大学 北京 100876); 2(中国科学院信息工程研究所 北京 100097); 3(中国科学院大学 北京 101408); 4(东莞电子科技大学电子信息工程研究院 广东东莞 523808) (
  • 出版日期: 2016-10-01
  • 基金资助: 
    国家自然科学基金项目(61303239);广东省产学研合作项目“广东省健康云安全院士工作站”(2016B090921001) This work was supported by the National Natural Science Foundation of China (61303239) and the Industry-University-Research Cooperation Project of Guangdong Province (2016B090921001).

Study of Botnets Trends

Li Ke1,2, Fang Binxing1,4, Cui Xiang1,2,3, Liu Qixu2,3   

  1. 1(Beijing University of Posts and Telecommunications, Beijing, 100876); 2(Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100097); 3(University of Chinese Academy of Sciences, Beijing, 101408); 4(Institute of Electronic and Information Engineering, Dongguan University of Electronic Science and Technology of China, Dongguan, Guangdong, 523808)
  • Online: 2016-10-01

摘要: 僵尸网络(botnet)作为最有效的网络攻击平台,给当今互联网安全带来了巨大威胁.虽然近几年关于僵尸网络的攻防技术研究取得了显著进展,然而,伴随着互联网应用的多元化以及通信技术的不断革新,僵尸网络的形态和命令控制机制也在不断发生变化,这给防御人员带来了新的挑战.深入了解僵尸网络运行机理和发展趋势对有效应对僵尸网络引发的安全威胁具有重要意义.以僵尸网络攻击技术为核心,从形式化定义、传播方式、生命周期、恶意行为、命令控制信道方面对僵尸网络机理进行全面介绍,按时间顺序将僵尸网络的发展历程划分为PC攻击和广泛攻击2个阶段,对各阶段的技术特点、行为特性、代表案例以及演化规律进行详细阐述,总结当今僵尸网络防御方法和研究成果,对已有研究遗留的问题和未来可能研究热点进行讨论.

关键词: 僵尸网络, 命令控制信道, 网络对抗, 增值网络攻击, 综述

Abstract: Botnets, as one of the most effective platforms to launch cyber-attacks, pose great threats to the security of today’s cyber-space. Despite the fact that remarkable progress had been made in the researches of botnets’ both attack and defense technologies in recent years, the forms and command and control mechanisms of botnets, however, as Internet applications are put into a wider variety of uses and communication technologies upgraded more rapidly than ever, are also undergoing constant changes, bringing new challenges to defenders. For this reason, an in-depth investigation of botnets’ working mechanisms and development is of great significance to deal with the threats posed by botnets. This paper, with the attack technologies of botnets as its main focus, gives an comprehensive introduction of the working mechanisms of botnets in terms of its definition, transmission, lifecycle, malicious behaviors and command and control channels, and divides the botnets’ development into two stages, namely, attacks to traditional PC and extensive attacks, with the technological features, behavioral characteristics, case studies and evolutionary patterns of each stage elaborated in a detailed manner. After a summary of existing work on the defense of botnets with the limitations of each approach discussed, possible future attempts are presented.

Key words: botnet, command and control channel (C&C channel), countermeasure, value-added network attack, survey