关键词: 僵尸网络, 命令控制信道, 网络对抗, 增值网络攻击, 综述

Abstract: Botnets, as one of the most effective platforms to launch cyber-attacks, pose great threats to the security of today’s cyber-space. Despite the fact that remarkable progress had been made in the researches of botnets’ both attack and defense technologies in recent years, the forms and command and control mechanisms of botnets, however, as Internet applications are put into a wider variety of uses and communication technologies upgraded more rapidly than ever, are also undergoing constant changes, bringing new challenges to defenders. For this reason, an in-depth investigation of botnets’ working mechanisms and development is of great significance to deal with the threats posed by botnets. This paper, with the attack technologies of botnets as its main focus, gives an comprehensive introduction of the working mechanisms of botnets in terms of its definition, transmission, lifecycle, malicious behaviors and command and control channels, and divides the botnets’ development into two stages, namely, attacks to traditional PC and extensive attacks, with the technological features, behavioral characteristics, case studies and evolutionary patterns of each stage elaborated in a detailed manner. After a summary of existing work on the defense of botnets with the limitations of each approach discussed, possible future attempts are presented.

Key words: botnet, command and control channel (C&C channel), countermeasure, value-added network attack, survey