Conference: International Conference on Engineering Technology

Avoiding honeypot detection in peer-to-peer botnets


Abstract

A botnet is a group of compromised computers that are controlled by a botmaster, who uses them to perform illegal activities. Centralized and P2P (Peer-to-Peer) botnets are the most commonly used botnet types. Honeypots have been used in many systems as a computer defense. They are used to attract botmasters into adding them to their botnets, so that they become spies that expose botnet attacker behaviors. In recent research works, improved mechanisms for honeypot detection have been proposed. Such mechanisms would enable botmasters to distinguish honeypots from real bots, making it more difficult for honeypots to join botnets. This paper presents a new method that can be used by security defenders to overcome the authentication procedure used by the advanced two-stage reconnaissance worm (ATSRW). The presented method utilizes the peer list information sent by an infected host during the ATSRW authentication process and uses a combination of IP address spoofing and a fake TCP three-way handshake. The paper provides an analytical study of the performance and the success probability of the presented method. We show that the presented method provides a higher chance for honeypots to join botnets despite security measures taken by botmasters.