CAJ | 학술논문

现有的僵尸网络技术和检测方法通常局限于某种特定的僵尸网络.为提高僵尸网络的隐秘性,提出了一种动态僵尸网络模型,利用有向图进行描述,可以表示不同类型的僵尸网络.对模型的暴露性、可恢复性和可持续性等动态属性进行量化分析,给出了一种僵尸主机主动丢弃原则.实验结果表明,提出的方法可以有效降低僵尸网络检测率,提高僵尸网络的可持续性和可恢复性.
현유적강시망락기술화검측방법통상국한우모충특정적강시망락.위제고강시망락적은비성,제출료일충동태강시망락모형,이용유향도진행묘술,가이표시불동류형적강시망락.대모형적폭로성、가회복성화가지속성등동태속성진행양화분석,급출료일충강시주궤주동주기원칙.실험결과표명,제출적방법가이유효강저강시망락검측솔,제고강시망락적가지속성화가회복성.
The existing Botnet techniques and detection methods are usually confined to specific Botnet. To improve the confidentiality of Botnet, the authors proposed a dynamic Botnet model described with directed graph, which can accommodate various Botnets. Several dynamic attributes of the proposed model were analyzed, such as exposedness, resilience, sustainability in detail, and then a bot abandon policy was presented. The experimental results indicate that the proposed method can decrease the Botnet＇s detection ratio and improve sustainability and resilience effectively.