用户在线行为影响的僵尸网络防御策略研究

Botnets, used as common attack platforms by attackers, have become the most serious threats to the Internet. Nowadays, lots of researches on botnet's defense technique have been conducted by researchers but little of botnet's defense strategy has been touched. However, defense strategy can provide theoretical guidance for the application of defense techniques and be helpful to get the best defense effect. Under the circumstances of limited defense resources, the research of defense strategy becomes particularly important. Therefore, this research, aiming at the defense strategy based on propagation phase, analyzes the characteristics of social engineering serving as the current major propagation method. Then, the botnet's propagation and defense model based on stochastic game theory is proposed. By coupling user's on-line behavior model with the propagation and defense model, this research analyzes the user's social network accessing mode and user's suspicious links performing mode and their influences on botnet's propagation and defense strategies. Furthermore, the simulation platform is built based on the large amount of real data and then the correctness and effectiveness of theoretical results are validated with stochastic simulation. Thus, for a specific network, this research will contribute to reveal the potential threats caused by botnets and provide effective botnets defense strategies before the intrusion of botnets by advising defensers of the users needed to be monitored and the reinforcement schema.

僵尸网络作为攻击者控制的通用攻击平台,已经成为互联网络上最为严重的安全威胁。目前,僵尸网络的防御技术已被广泛研究,但僵尸网络的防御策略却研究甚少。然而,防御策略能为防御技术的应用提供理论指导,有助于获取最佳的防御效果。在防御资源有限的情况下,防御策略的研究尤为重要。为此,本项目针对僵尸网络传播阶段的防御策略展开研究,分析作为当前主流传播方式的社会工程手段特征,建立基于随机博弈理论的僵尸网络传播防御模型,通过耦合用户在线行为,研究用户对社交网络的访问模式和对可疑链接的处理方式,及其对僵尸网络的传播与防御策略的影响。本项目将收集大量真实数据,建立仿真平台,进而利用随机仿真验证理论分析结果的正确性和有效性。针对给定的目标网络,本项目的研究有助于揭示僵尸网络带来的潜在安全威胁,确定不同时段需要重点监控的用户,并提出针对性的安全加固方案,在僵尸网络入侵之前为目标网络提供有效的防御策略。