{"id":385,"date":"2012-11-24T18:57:00","date_gmt":"2012-11-24T10:57:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=385"},"modified":"2024-02-17T20:33:38","modified_gmt":"2024-02-17T12:33:38","slug":"botnet","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/385","title":{"rendered":"botnet"},"content":{"rendered":"\n

Botnet\u662f\u4e00\u7fa4\u611f\u67d3\u60e1\u610f\u8edf\u9ad4\u4e26\u53d7\u99ed\u5ba2\u63a7\u5236\u7684\u96fb\u8166\uff0c\u662f\u8a31\u591a\u7db2\u8def\u5b89\u5168\u5a01\u8105\u7684\u4e3b\u8981\u4f86\u6e90(Sun et al, 2006)\u3002\u99ed\u5ba2\u53ef\u63a7\u5236\u591a\u53f0\u96fb\u8166\u9032\u884c\u4e0d\u540c\u7a2e\u985e\u7684\u653b\u64ca\uff0c\u5305\u62ec\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\u653b\u64ca(DDoS)\u3001\u767c\u9001\u5783\u573e\u90f5\u4ef6\u53ca\u91e3\u9b5a\u90f5\u4ef6\u3001\u7834\u89e3\u5bc6\u78bc\u3001\u5077\u53d6\u654f\u611f\u500b\u4eba\u8cc7\u6599\u7b49\u3002\u800c\u4e14Botnet\u7684\u6280\u8853\u66f4\u662f\u65e5\u65b0\u6708\u7570\uff0c\u9020\u6210\u7684\u640d\u5931\u4e5f\u8d8a\u4f86\u8d8a\u5927\uff0c\u518d\u52a0\u4e0a\u4e00\u822c\u6c11\u773e\u4f7f\u7528\u96fb\u8166\u6c92\u6709\u8b66\u89ba\u5fc3\uff0c\u66f4\u52a9\u9577Botnet\u7684\u64f4\u5f35\uff0c\u9020\u6210\u7db2\u7ba1\u4eba\u54e1\u5f88\u5927\u7684\u56f0\u64fe\u3002\u3000<\/p>\n\n\n\n

ps
attackers can use botnets to perform:
*ddos attacks
*spamming
*sniffing traffic
*keylogging
*spreading new malware
*installing advertisement add-ons and BHOs(browser helper objects)
*google adsense abuse
*attacking IRC chat networks
*manipulating online polls\/games
*mass identity theft\u00a0<\/p>\n\n\n\n

Botnet\u7684\u7d44\u6210<\/strong>
\u53ef\u5206\u70ba\u4e09\u90e8\u4efd(Wang et al, 2008)\uff0c\u5206\u5225\u63cf\u8ff0\u5982\u4e0b\uff1a
Botmaster\uff1a<\/strong>
\u4e5f\u5c31\u662f\u99ed\u5ba2\u672c\u8eab\uff0c\u4e5f\u53ef\u7a31\u70baBotheader\uff0c\u4e3b\u8981\u900f\u904e\u7db2\u8def\u50b3\u9054\u547d\u4ee4\u7d66Botnet\u4e26\u8a2d\u6cd5\u8b93\u81ea\u5df1\u96b1\u85cf\u800c\u4e0d\u88ab\u627e\u5230\u3002
Botclient\uff1a<\/strong>
\u4e5f\u7a31\u70baBot\uff0c\u4e00\u4f46Botmaster\u900f\u904e\u60e1\u610f\u7a0b\u5f0f\u63a7\u5236\u5230\u4f7f\u7528\u8005\u7684\u96fb\u8166\uff0c\u8b93\u8a72\u96fb\u8166\u8655\u7406\u88ab\u9059\u63a7\u7684\u72c0\u614b\u6642\uff0c\u8a72\u96fb\u8166\u5247\u70baBotclient\u3002\u4e00\u822c\u4f86\u8aaa\uff0cBotclient\u5f88\u96e3\u5bdf\u89ba\u5230\u81ea\u5df1\u662f\u5426\u5df2\u7d93\u6210\u70baBotnet\u7684\u4e00\u4efd\u5b50\uff0c\u7db2\u7ba1\u4eba\u54e1\u66f4\u96e3\u767c\u73fe\u5340\u57df\u7db2\u8def\u5167\u6709\u591a\u5c11\u96fb\u8166\u4e2d\u5df2\u7d93\u88abBotmaster\u6240\u64cd\u63a7\u3002
C&C Server (Command and Control Server)\uff1a<\/strong>
\u63a5\u6536Botmaster\u547d\u4ee4\u7684\u4f3a\u670d\u5668\uff0c\u8ca0\u8cac\u547d\u4ee4\u7684\u50b3\u905e\u8207\u63a7\u5236\u6574\u500bBotnet\uff0cBotmaster\u53ef\u7d93\u7531C&C Server\u77e5\u9053\u6574\u500bBotnet\u7684Botclient\u6578\u91cf\u53ca\u76f8\u95dc\u8cc7\u8a0a\u3002<\/p>\n\n\n\n


Botnet\u7684\u611f\u67d3\u6d41\u7a0b<\/strong>
\u611f\u67d3\u6d41\u7a0b\u4e3b\u8981\u5206\u70ba\u56db\u5927\u6b65\u9a5f(Kalt, 2000; Zhu et al, 2008; Feily et al, 2009)\uff0c\u5206\u5225\u63cf\u8ff0\u5982\u4e0b\uff1a
Step1.<\/strong>
Botnet\u4e2d\u7684\u6210\u54e1\u6703\u900f\u904e\u4e0d\u540c\u7684\u65b9\u5f0f\u611f\u67d3\u4e3b\u6a5f\uff0c\u5e38\u898b\u7684\u611f\u67d3\u9014\u7d93\u6709
(a)\u6383\u63cf\u6709\u5f31\u9ede\u7684\u4e3b\u6a5f\uff1a
\u3000\u985e\u4f3c\u8815\u87f2(worms)\u7684\u611f\u67d3\u6a21\u5f0f\uff0c\u6703\u6383\u63cf\u7db2\u8def\u4e0a\u7684\u4e3b\u6a5f\uff0c
\u3000\u5728\u5c0d\u6709\u5f31\u9ede\u7684\u4e3b\u6a5f\uff0c\u4ee5\u4e0d\u540c\u7684\u5165\u4fb5\u65b9\u6cd5\u611f\u67d3\u53d7\u5bb3\u4e3b\u6a5f\u3002
(b)\u50b3\u9001\u60e1\u610f\u8a0a\u606f\uff1a
\u3000\u5728\u4fe1\u4ef6\u6216\u5373\u6642\u8a0a\u606f\u4e2d\uff0c\u593e\u5e36\u60e1\u610f\u7a0b\u5f0f\u8a98\u5c0e\u4f7f\u7528\u8005\u958b\u555f\uff0c
\u3000\u6216\u63d0\u4f9b\u60e1\u610f\u7db2\u9801\u7684\u8d85\u9023\u7d50\u8a98\u5c0e\u4f7f\u7528\u8005\u9ede\u64ca\uff0c\u4e00\u4f46\u4f7f\u7528\u8005\u89f8\u767c\u60e1\u610f\u7a0b\u5f0f\u5c31\u6703\u88ab\u5165\u4fb5\u3002
(c)\u651c\u5e36\u5f0f\u5132\u5b58\u8a2d\u5099\uff1a
\u3000\u5982\u540c\u50b3\u7d71\u7684\u75c5\u6bd2\u611f\u67d3\u6a21\u5f0f\uff0c\u900f\u904e\u96a8\u8eab\u789f\u7b49\u53ef\u651c\u5e36\u5f0f\u7684\u5132\u5b58\u8a2d\u5099\uff0c
\u3000\u5c07\u60e1\u610f\u7a0b\u5f0f\u6563\u64ad\u5230\u6709\u4f7f\u7528\u8a72\u8a2d\u5099\u7684\u96fb\u8166\uff0c
\u3000\u4e00\u4f46\u4f7f\u7528\u8005\u9ede\u64ca\u507d\u88dd\u6210\u6b63\u5e38\u7a0b\u5f0f\u7684\u60e1\u610f\u7a0b\u5f0f\u5c31\u6703\u88ab\u611f\u67d3\u3002
Step2.<\/strong>
\u88ab\u611f\u67d3\u7684\u53d7\u5bb3\u4e3b\u6a5f\u6703\u5f9eC&C Server\u6216\u7279\u5225\u7684\u4f4d\u7f6e\uff0c\u4f7f\u7528FTP\u3001HTTP\u3001P2P\u7b49\u65b9\u5f0f\u4e0b\u8f09\u4e26\u5b89\u88dd\u76f8\u95dcMalicious Binary\uff0c\u6216\u7a31Bot Binary Code\uff0c\u53d7\u5bb3\u4e3b\u6a5f\u4e00\u4f46\u5b89\u88dd\u6210\u529f\uff0c\u5c31\u6703\u6210Botnet\u7684\u5176\u4e2d\u4e00\u53f0Botclient
Step3.<\/strong>
Botclient\u6703\u91cd\u8986Step1\u64f4\u5927Botnet\u7bc4\u570d\uff0c\u4e26\u548cC&C Server\u5efa\u7acb\u8d77\u547d\u4ee4\u548c\u63a7\u5236\u7684\u901a\u9053\uff0c\u63a5\u8457Botmaster\u5c31\u53ef\u4ee5\u900f\u904eC&C Server\u7684\u901a\u9053\u50b3\u64ad\u6307\u4ee4\u7d66\u6240\u6709Botclient\uff0c\u800cBotclient\u6703\u63a5\u6536\u4e26\u57f7\u884cBotmaster\u7684\u6307\u4ee4
Step4.<\/strong>
Botclient\u6703\u900f\u904eC&C Server\u6301\u7e8c\u66f4\u65b0\u60e1\u610f\u7a0b\u5f0f\u672c\u8eab\uff0c\u5e38\u898b\u7684\u7406\u7531\u5982\u4e0b
(a)\u8eb2\u907f\u5075\u6e2c\u7cfb\u7d71\uff1a
\u3000\u60e1\u610f\u7a0b\u5f0f\u5fc5\u9808\u4e0d\u65b7\u66f4\u65b0\u4ee5\u6539\u8b8a\u7279\u5fb5\uff0c\u4f7f\u5075\u6e2c\u7cfb\u7d71\u7121\u6cd5\u7acb\u5373\u767c\u73fe
(b)\u589e\u52a0\u65b0\u529f\u80fd\uff1a
\u3000Botmaster\u8981\u589e\u52a0\u60e1\u610f\u7a0b\u5f0f\u7684\u65b0\u529f\u80fd
(c)\u66f4\u63dbC&C Server\uff1a
\u3000C&C Server\u6bcf\u9694\u4e00\u6bb5\u6642\u9593\u6703\u6709\u8b8a\u52d5\u4ee5\u964d\u4f4e\u88ab\u767c\u73fe\u7684\u6a5f\u7387\uff0c
\u3000\u56e0\u6b64\u60e1\u610f\u7a0b\u5f0f\u8981\u4e0d\u65b7\u66f4\u65b0C&C Server\u7684\u6e05\u55ae
ps:
\u4ee5agobot\u70ba\u4f8b
Agobot infect step:
1 mode of infection
2 massive spreading stage
3 connect back to IRC
4 attacker takes control of the victim’s computer<\/p>\n\n\n\n


C&C Server\u7684\u62d3\u6a38\u6a21\u5f0f<\/strong>
\u7531\u65bcBotnet\u7684\u8cc7\u6599\u4ea4\u63db\u8207\u8a0a\u606f\u7684\u50b3\u8f38\u4e3b\u8981\u4f9d\u8cf4C&C Server\uff0c\u56e0\u6b64C&C Server\u7684\u62d3\u6a38\u6a21\u5f0f\u6703\u6c7a\u5b9a\u6574\u500bBotnet\u7684\u67b6\u69cb\uff0c\u5e38\u898b\u7684\u62d3\u6a38\u6a21\u5f0f\u4e3b\u8981\u53ef\u5206\u70ba\u4ee5\u4e0b\u5e7e\u7a2e\uff1a(Ollmann, 2009)
\u661f\u72c0\u62d3\u6a38<\/strong>
\u6240\u6709\u7684Botclient\u9023\u5230\u540c\u4e00\u53f0C&C Server\uff0cBotmaster\u53ea\u8981\u900f\u904e\u6b64Server\u5c31\u53ef\u63a7\u5236\u6574\u500bBotnet\uff0c\u4e0d\u904e\u7f3a\u9ede\u662f\u7576Server\u7121\u6cd5\u4f7f\u7528\u6642\uff0cBotmaster\u5c31\u7121\u6cd5\u63a7\u5236\u6574\u500bBotnet\uff0c\u6b64\u7a2e\u62d3\u6a38\u67b6\u69cb\u4e5f\u662f\u6700\u5bb9\u6613\u88ab\u74e6\u89e3\u7684\uff0c\u56e0\u70ba\u53ea\u8981\u627e\u5230\u4e00\u53f0C&C Server\uff0c\u5c31\u53ef\u4ee5\u5c07\u6574\u500bBotnet\u7834\u58de\u6389\u3002
\u591a\u91cdServer\u62d3\u6a38<\/strong>
\u4ee5\u6578\u53f0C&C Server\u5f7c\u6b64\u4e92\u9023\uff0c\u7576\u5176\u4e2d\u4e00\u53f0C&C Server\u7121\u6cd5\u4f7f\u7528\u6642\uff0c\u5176\u4ed6\u7684Server\u5c07\u53d6\u4ee3\u5b83\uff0c\u4f7fBotnet\u80fd\u6b63\u5e38\u904b\u4f5c\uff0c\u6b64\u7a2e\u62d3\u6a38\u67b6\u69cb\u53ef\u4ee5\u89e3\u6c7a\u661f\u72c0\u62d3\u6a38\u7684\u7f3a\u9ede\uff0c\u4f46\u70ba\u4e86\u8b93Server\u5f7c\u6b64\u4e4b\u9593\u8981\u80fd\u4e92\u76f8\u9023\u7e6b\uff0c\u6240\u4ee5\u5728\u8a2d\u8a08\u4e0a\u56f0\u96e3\u5ea6\u8f03\u9ad8\uff0c\u56e0\u70ba\u9700\u8981\u96a8\u6642\u53d6\u4ee3\u5176\u4ed6C&C Server\u9032\u884c\u5de5\u4f5c\u3002
\u968e\u5c64\u5f0f\u62d3\u6a38<\/strong>
\u90e8\u4efdBotclient\u540c\u6642\u4e5f\u626e\u6f14C&C Server\u7684\u89d2\u8272\uff0c\u4e26\u4ee5\u968e\u5c64\u5f0f\u67b6\u69cb\u4e92\u9023\uff0c\u63d0\u4f9b\u6975\u9ad8\u7684\u53ef\u64f4\u5145\u6027\uff0c\u6b64\u7a2e\u62d3\u6a38\u67b6\u69cb\u53ef\u4ee5\u89e3\u6c7a\u661f\u72c0\u62d3\u6a38\u7684\u7f3a\u9ede\uff0c\u56e0\u70ba\u7576\u67d0\u4e00\u500b\u968e\u5c64\u7684C&C Server\u65b7\u7dda\uff0c\u53ea\u6703\u5c0e\u81f4\u4e00\u90e8\u5206\u7684Botclients\u5931\u806f\uff0c\u800c\u4e0d\u662f\u8b93\u6574\u500bBotnet \u5931\u53bb\u4f5c\u7528\u3002
\u96a8\u6a5f\u5f0f\u62d3\u6a38<\/strong>
\u6700\u4e0d\u5bb9\u6613\u88ab\u74e6\u89e3\u7684\u62d3\u6a38\u67b6\u69cb\u70ba\u96a8\u6a5f\u5f0f\u62d3\u6a38\uff0cBotclient\u6703\u540c\u6642\u626e\u6f14C&C Server\u7684\u89d2\u8272\uff0c\u4e26\u5f7c\u6b64\u76f8\u9023\uff0c\u6c92\u6709\u4e2d\u63a7Server\uff0c\u4efb\u4f55\u4e00\u500bC&C Server\u5931\u53bb\u806f\u7e6b\uff0c\u4e5f\u4e0d\u6703\u5f71\u97ff\u5230\u5176\u4ed6\u7684Botclient\uff0cBotmaster\u53ef\u4e0b\u9054\u6307\u4ee4\u7d66Botnet\u4e2d\u7684\u4efb\u4e00\u500bBotclient\uff0c\u518d\u7531\u5b83\u5ee3\u64ad\u7d66\u5176\u4ed6\u7684Botclients\uff0c\u4f46\u5176\u8a2d\u8a08\u96e3\u5ea6\u8f03\u9ad8\uff0cBotmaster\u5fc5\u9808\u78ba\u8a8d\u6bcf\u4e00\u500bBotclient\u90fd\u53ef\u4ee5\u6536\u5230\u6307\u4ee4\uff0c\u800c\u4e14\u53ea\u6703\u6536\u5230\u4e00\u6b21\uff0c\u4ee5\u907f\u514d\u91cd\u8907\u57f7\u884c\u3002<\/p>\n\n\n\n


Botnet\u901a\u8a0a\u4f7f\u7528\u7684\u5354\u5b9a<\/strong>
Botclient\u6703\u63a5\u6536Botnet\u7684\u6240\u50b3\u4f86\u7684\u8a0a\u606f\u4e26\u56de\u61c9\u5176\u7d50\u679c\uff0c\u9019\u4e4b\u9593\u7684\u50b3\u8f38\u65b9\u5f0f\uff0c\u4f9d\u7167\u4f7f\u7528\u7684\u901a\u8a0a\u5354\u5b9a\u53ef\u4ee5\u5206\u70ba\u4ee5\u4e0b\u5e7e\u985e\uff1a(Dagon et al, 2007; Zhu et al, 2008; Feily et al, 2009)
IRC Protocol<\/strong>
\u6700\u65e9\u51fa\u73fe\u7684Botnet\u4ee5IRC\u70ba\u901a\u8a0a\u5354\u5b9a\uff0c\u7d04\u57281993\u5e74\u958b\u59cb\u9678\u7e8c\u51fa\u73fe\uff0c\u4e3b\u8981\u5229\u7528IRC\u7dda\u4e0a\u804a\u5929\u7684\u6a5f\u5236\u3002Botclient\u6703\u900f\u904eIRC\u9023\u63a5\u5230C&C Server\uff0c\u4e26\u52a0\u5165Botmaster\u5df2\u958b\u597d\u7684\u804a\u5929\u983b\u9053\uff0c\u4e26\u7b49\u5f85Botmaster\u5728\u983b\u9053\u4e0a\u6240\u4e0b\u9054\u7684\u547d\u4ee4\uff0c\u7576Botclient\u63a5\u53d7\u547d\u4ee4\u5f8c\u6703\u57f7\u884c\u4e26\u5c07\u7d50\u679c\u50b3\u56de\u983b\u9053\u4e0a\uff0c\u4e26\u6301\u7e8c\u8207C&C Server\u4fdd\u6301\u9023\u7e6b\u3002\u50cf\u662fAgobot\u3001SDBot\u3001 SpyBot\u3001GT bot(Barford et al, 2006)\u7b49\u60e1\u610f\u7a0b\u5f0f\u6240\u5efa\u7acb\u7684Botnet\uff0c\u90fd\u662f\u5c6c\u65bc\u9019\u985e\u578b\u7684\u3002
HTTP Protocol<\/strong>
\u57282005\u958b\u59cb\u51fa\u73fe\u4f7f\u7528\u4ee5HTTP\u70ba\u901a\u8a0a\u5354\u5b9a\u7684Botnet\uff0c\u6b64\u7a2e\u65b9\u5f0f\u5c07Botclient\u7684\u6d41\u91cf\u96b1\u85cf\u5728\u6b63\u5e38\u7db2\u9801\u6d41\u91cf\u4e0b\uff0c\u96b1\u853d\u6027\u9ad8\uff0c\u9019\u7a2e\u50b3\u8f38\u65b9\u5f0f\u8b93\u9632\u706b\u7246\u96e3\u5075\u6e2c\uff0c\u56e0\u70ba\u9632\u706b\u7246\u4e0d\u6703\u53bb\u963b\u64cb\u7db2\u9801\u6d41\u91cf\u3002\u7576\u96fb\u8166\u6210\u70baBotnet\u7684\u4e00\u54e1\u5f8c\uff0c\u6703\u7528DNS\u89e3\u6790\u4e26\u900f\u904eHTTP\u901a\u8a0a\u5354\u5b9a\u9023\u5230C&C Server\uff0c\u800cC&C Server\u6703\u56de\u61c9\u63a7\u5236\u547d\u4ee4\u6216\u66f4\u65b0\u60e1\u610f\u7a0b\u5f0f\u3002\u50cf\u662fBlackEnergy(Nazario, 2007)\u7b49\u60e1\u610f\u7a0b\u5f0f\u6240\u5efa\u7acb\u7684Botnet\uff0c\u90fd\u662f\u5c6c\u65bc\u9019\u985e\u578b\u7684\u3002(Lee et al, 2008)
P2P Protocol<\/strong>
\u57282003\u958b\u59cb\u51fa\u73fe\u4f7f\u7528\u4ee5P2P\u70ba\u901a\u8a0a\u5354\u5b9a\u7684Botnet\uff0cP2P\u8edf\u9ad4\u7684\u67b6\u69cb\u70ba\u4e00\u7a2e\u9ede\u5c0d\u9ede\u5f0f\u7684\u50b3\u8f38\u65b9\u5f0f\uff0c\u6b64\u65b9\u5f0f\u5c07Botclient\u8207Botmaster\u4e4b\u9593\u7684\u6d41\u91cf\u5305\u88dd\u5728P2P\u7684\u50b3\u8f38\u4e2d\uff0c\u4f7f\u4f86\u6e90\u7684\u8ffd\u8e64\u66f4\u52a0\u56f0\u96e3\uff0c\u8a72\u65b9\u5f0f\u6703\u5be6\u4f5c\u96a8\u6a5f\u5f0f\u62d3\u6a38\u67b6\u69cb\uff0c\u56e0\u6b64\u6bcf\u500bBotclient\u4e5f\u6703\u626e\u6f14C&C Server\u7684\u89d2\u8272\uff0c\u4e5f\u662f\u6700\u4e0d\u5bb9\u6613\u88ab\u74e6\u89e3\u7684\u67b6\u69cb(Zeidanloo et al,2010; Han et al, 2011)\u3002\u50cf\u662fphatbot(Stewart, 2004)\u3001Sinit(Stewart, 2006)\u548cpeacomn(Suenaga, 2007)\u7b49\u60e1\u610f\u7a0b\u5f0f\u6240\u5efa\u7acb\u7684Botnet\uff0c\u90fd\u662f\u5c6c\u65bc\u9019\u985e\u578b\u7684\u3002
\u9664\u6b64\u4e4b\u5916\uff0c\u6709\u4e9bBotnet\u4e5f\u6703\u7d50\u5408\u591a\u7a2e\u901a\u8a0a\u5354\u5b9a\uff0c\u50cf\u57282008\u5e74\u51fa\u73fe\u7684waledac(Jang, 2009)\uff0c\u5c31\u662f\u4f7f\u7528P2P over HTTP\u7684\u6280\u8853\uff0c\u7d50\u5408HTTP\u4e0d\u6613\u88ab\u9632\u706b\u7246\u5c01\u9396\uff0c\u4ee5\u53caP2P\u96a8\u6a5f\u5f0f\u62d3\u6a38\u67b6\u69cb\u7684\u512a\u9ede\u3002<\/p>\n\n\n\n

botnet\u7279\u5fb5<\/strong>
web botnet<\/strong>
\u6703\u900f\u904eDNS\u5927\u91cf\u67e5\u8a62
\u6703\u900f\u904e HTTP \u53ca TCP \u50b3\u8f38\u4e0b\u8f09\u6a94\u6848
\u6703\u958b\u555f\u7279\u5b9a\u7684 port \u9032\u884c\u9023\u7dda\u8207\u6e9d\u901a
p2p botnet<\/strong>
\u6703\u6a21\u4effP2P\u8edf\u9ad4\u7684\u67b6\u69cb\u5927\u91cf\u5efa\u7acb\u9023\u7dda,\u4e5f\u5c31\u662f\u8aaa\u8a72\u6bad\u5c4d\u96fb\u8166\u9023\u7dda\u6578\u77ac\u9593\u9023\u7d50\u6578\u6703\u6975\u591a
\u6703\u4fdd\u6301bot\u9593\u5f7c\u6b64\u9593\u9023\u7dda,\u6240\u4ee5\u6703\u4fdd\u6301\u8cc7\u6599\u7684\u50b3\u8f38,\u4e5f\u5c31\u662f\u6bcf\u689d\u9023\u7dda\u90fd\u6709\u4e00\u5b9a\u7a0b\u5ea6\u4e0a\u7684\u50b3\u8f38\u91cf
\u6703\u76e1\u91cf\u7528\u6700\u5c0f\u7684\u8cc7\u6599\u91cf\u901a\u8a0a,\u4ee5\u4fdd\u6301\u96b1\u5bc6\u4e0d\u88ab\u767c\u73fe,\u4e5f\u5c31\u662f\u5c0f\u6d41\u91cf\u7684\u9023\u7dda\u591a
\u4e0d\u6703\u8ffd\u6c42\u4e0b\u8f09\u901f\u5ea6,\u4e5f\u4e0d\u6703\u4e00\u76f4\u5617\u8a66\u5927\u91cfIP\u5efa\u7acb\u9023\u7d50\u4e26\u4e0b\u8f09\u8cc7\u6599\uff0c\u4e5f\u5c31\u662f\u901a\u8a0a\u4e2d\u7684\u63a7\u5236\u5c01\u5305(syn,finish,reset)\u6578\u91cf\u6216\u6bd4\u4f8b\u61c9\u9060\u4f4e\u65bcP2P\u8edf\u9ad4\u00a0<\/p>\n\n\n\n

<\/p>\n\n\n\n

botnet\u4e09\u5927\u884c\u70ba<\/strong>
1\u64f4\u6563\u884c\u70ba,<\/strong>\u901a\u5e38\u5305\u62ec
scan(\u7db2\u8def\u6383\u63cf)\u5c0b\u627e\u76ee\u6a19
exploit(\u6f0f\u6d1e\u653b\u64ca)\u5165\u4fb5\u76ee\u6a19
2\u901a\u8a0a\u884c\u70ba<\/strong>,\u5305\u62ec\u4ee5\u4e0b
DNS query(\u67e5\u8a62dns)\u5c0b\u627eC&C\u4e4bip
\u8207C&C\u901a\u8a0a
malware download or update(\u60e1\u610f\u7a0b\u5f0f\u4e0b\u8f09\u6216\u66f4\u65b0)
3\u60e1\u610f\u884c\u70ba<\/strong>,botmaster\u6700\u5e38\u505a\u7684\u5982\u4e0b
DDoS Attacks
\u5077\u53d6\u8cc7\u6599
\u6d6a\u8cbb\u983b\u5bec
\u900f\u904e\u5927\u91cfbot\u5f62\u6210\u96f2\u7aef\u7834\u89e3\u5bc6\u78bc
 <\/p>\n\n\n\n


Botnet\u7684\u96b1\u5bc6\u6280\u8853<\/strong>
Botnet\u53ef\u4ee5\u900f\u904e\u5f88\u591a\u96b1\u655d\u6280\u8853(Rodriguez-Gomez et al, 2011)\uff0c\u4ee5\u8eb2\u907f\u5b89\u5168\u5075\u6e2c\u7cfb\u7d71\uff0c\u5e38\u898b\u7684\u6280\u8853\u5982\u4e0b
Ciphering<\/strong>(<\/strong>\u52a0\u5bc6<\/strong>)
<\/strong>\u73fe\u5728\u7684Botnet\u901a\u5e38\u6703\u5728C&C\u7684\u901a\u8a0a\u904e\u7a0b\u4e2d\u52a0\u5bc6\uff0c\u4ee5\u901a\u8a0a\u5167\u5bb9\u70ba\u57fa\u790e\u7684\u5206\u6790\u65b9\u6cd5\u6703\u5f88\u96e3\u8fa8\u8b58\u52a0\u5bc6\u904e\u7684Botnet\uff0c\u50cf\u662fSpamThru(Stewart, 2006)\u548cZeus(Stewart, 2010)\u5c31\u6709\u4f7f\u7528\u9019\u7a2e\u6280\u8853\u3002
Polymorphism<\/strong>(<\/strong>\u591a\u5f62<\/strong>)
<\/strong>Botnet\u4f7f\u7528\u7684\u60e1\u610f\u7a0b\u5f0f\u900f\u904e\u591a\u5f62\u7684\u6280\u8853\uff0c\u53ef\u4ee5\u8f15\u6613\u6539\u8b8a\u60e1\u610f\u7a0b\u5f0f\u672c\u8eab\u7684\u7a0b\u5f0f\u78bc\uff0c\u5c0e\u81f4\u60e1\u610f\u7a0b\u5f0f\u7684\u7279\u5fb5\u7522\u751f\u8b8a\u5316\uff0c\u9019\u6703\u4f7f\u4ee5\u7279\u5fb5\u70ba\u57fa\u790e\u7684\u5075\u6e2c\u7cfb\u7d71\u5f88\u96e3\u767c\u73fe\u5230\u5b83\u5011\u7684\u5b58\u5728\uff0c\u56e0\u70ba\u60e1\u610f\u7a0b\u5f0f\u8b8a\u5316\u592a\u5feb\uff0c\u5075\u6e2c\u7cfb\u7d71\u7684\u7279\u5fb5\u78bc\u5f88\u96e3\u53ca\u6642\u5f97\u5230\u60e1\u610f\u7a0b\u5f0f\u7684\u65b0\u7279\u5fb5\uff0c\u50cf\u662fPhatBot(Stewart, 2004)\u548cZeus(Stewart, 2010)\u5c31\u6709\u4f7f\u7528\u9019\u7a2e\u6280\u8853\u3002
IP Spoofing<\/strong>(<\/strong>\u5047\u5192IP\u4f86\u6e90<\/strong>)
<\/strong>\u4f7f\u7528\u5047\u7684\u4f86\u6e90IP\u5c0d\u76ee\u6a19\u9032\u884c\u653b\u64ca\uff0c\u56e0\u6b64\u5f88\u96e3\u900f\u904e\u8ffd\u8e64\u4f86\u6e90\u7684\u65b9\u5f0f\u627e\u5230\u653b\u64ca\u8005\uff0c\u5e38\u88ab\u7528\u5728Botnet\u9032\u884c\u963b\u65b7\u5f0f\u670d\u52d9\u653b\u64ca(DoS)\u3002
E-mail Spoofing<\/strong>(<\/strong>\u5047\u5192\u5bc4\u4ef6\u8005<\/strong>)
<\/strong>\u4f7f\u7528\u5047\u7684EMAIL\u5bc4\u4ef6\u8005\u5c0d\u76ee\u6a19\u9032\u884c\u653b\u64ca\uff0c\u56e0\u6b64\u5f88\u96e3\u900f\u904e\u8ffd\u8e64\u4f86\u6e90\u7684\u65b9\u5f0f\u627e\u5230\u653b\u64ca\u8005\uff0c\u5e38\u88ab\u7528\u5728\u793e\u4ea4\u5de5\u7a0b\u7684\u91e3\u9b5a\u7db2\u7ad9(phishing attacks)\uff0c\u76ee\u524d\u6709\u4f7f\u7528\u8a72\u6280\u8853\u7684Botnet\u6709Bobax(Stewart, 2004)\u7b49\u3002
Fast-flux Network
<\/strong>\u7576Botclient\u8981\u9023\u7dda\u5230C&C Server\u7684\u7db2\u57df\u6642\uff0c\u6703\u5148\u9032\u884cdns\u67e5\u8a62\u4ee5\u5f97\u5230\u8a72\u7db2\u57df\u7684\u67d0\u4e00\u500bIP\uff0c\u800c\u8a72ip\u5247\u70ba\u67d0\u4e00\u53f0\u4ee3\u7406\u4e3b\u6a5f\u7684ip\uff0c\u7576Botclient\u4f7f\u7528\u8a72ip\u9023\u5230\u4ee3\u7406\u4e3b\u6a5f\u6642\uff0c\u4ee3\u7406\u4e3b\u6a5f\u6703\u5c07\u9023\u7dda\u5c0e\u5230\u771f\u6b63\u7684C&C Server\uff0c\u7531\u65bc\u4ee3\u7406\u4e3b\u6a5f\u6703\u6709\u5f88\u591a\u53f0\uff0c\u4e26\u4f7f\u7528\u4e0d\u540c\u7684ip\uff0c\u56e0\u6b64\u82e5\u88ab\u5c01\u9396\uff0c\u4e5f\u53ea\u662f\u67d0\u4e00\u53f0\u4ee3\u7406\u4e3b\u6a5f\u7121\u6cd5\u4f7f\u7528\u800c\u5df2\uff0cBotclient\u4ecd\u7136\u53ef\u4ee5\u4f7f\u7528\u5176\u4ed6\u4ee3\u7406\u4e3b\u6a5f\u548cC&C Server\u901a\u8a0a\u3002
fast flux\u5206\u70ba\u4ee5\u4e0b\u5169\u7a2e,\u4e3b\u8981\u5728dns query\u7684\u5dee\u5225
\u3000single fast flux
\u3000\u3000\u8a62\u554f\u7684ns server IP\u56fa\u5b9a
\u3000\u3000\u5411monthership\u8981\u6c42\u7684\u8cc7\u6599\u53ea\u6709http
\u3000double fast flux
\u3000\u3000\u8a62\u554f\u7684ns server IP\u8b8a\u52d5\u7684,\u9808\u548cmonthership\u67e5
\u3000\u3000\u5411monthership\u8981\u6c42\u7684\u8cc7\u6599\u6709http,dns
onion routing(\u6d0b\u8525\u8def\u7531)
<\/strong>\u9632\u6b62C&C server\u88ab\u767c\u73fe<\/p>\n\n\n\n

ps: 
fast-flux\u7db2\u57df\u6709\u4ee5\u4e0b\u7279\u6027<\/strong>
TTL\u8a2d\u5b9a0\u6216\u6975\u4f4e(\u901a\u5e38\u5c0f\u65bc300\u79d2),\u6703\u4f7f\u5feb\u53d6\u4fdd\u7559\u8d8a\u77ed,\u8b93\u6bcf\u6b21\u89e3\u6790\u7db2\u57df\u6642\u5728\u53bb\u505a\u5b8c\u6574\u67e5\u8a62,\u800c\u4e0d\u662f\u4f7f\u7528\u5feb\u53d6\u7684\u8cc7\u6599
(\u6b63\u5e38\u60c5\u6cc1\u4e0b\u7b2c\u4e00\u6b21\u67e5\u8a62\u5b8c\u8a72\u7db2\u57df\u7684ip\u5f8c,\u6703\u4fdd\u7559\u5728\u5feb\u53d6\u4e2d,\u8b93\u4e0b\u6b21\u8981\u67e5\u8a72\u7db2\u57df\u6642\u53ef\u76f4\u63a5\u4f7f\u7528,\u4f46CDN\u7684TTL\u4e5f\u8a2d\u5b9a\u5f88\u4f4e)
\u4f7f\u7528round-robin,\u6240\u4ee5\u89e3\u6790\u4e3b\u6a5f\u6642\u6703\u5f97\u5230\u4e0d\u540cIP
(\u6b63\u5e38\u60c5\u6cc1\u4e0b\u6bcf\u6b21\u89e3\u6790\u4e3b\u6a5f\u6703\u6709\u76f8\u540cIP,\u4f46\u4e00\u822c\u7db2\u7ad9\u70ba\u4e86\u8ca0\u8f09\u5e73\u8861\u6703\u4f7f\u7528round-robin\u6280\u8853)
DNS\u56de\u61c9\u7d00\u9304\u90fd\u6c92\u6709Authority\u8207Additional\u8cc7\u8a0a
fast-flux bot<\/strong>(\u4e5f\u5c31\u662f\u67e5\u8a62\u6240\u5f97\u5230\u7684ip)
\u6709\u4ee5\u4e0b2\u7279\u5fb5
1\u70bapublic ip
2\u5177proxy\u529f\u80fd,\u53ef\u5c0dtcp80\u6216udp53\u505a\u5c0e\u5411
\u8ca0\u8cac2\u4ef6\u4e8b
1proxy(\u6d41\u91cf\u5c0e\u5411)\u9700\u6c42\u5230mothership(\u771f\u6b63\u63d0\u4f9b\u5167\u5bb9\u7684\u4f3a\u670d\u5668)
2\u5728\u5f9emonthership\u56de\u61c9\u7684\u5167\u5bb9\u50b3\u56de\u53bb
user\u7279\u5fb5<\/strong>
\u800c\u4f7f\u7528\u8005\u5728\u67e5\u8a62flux-domain\u6642\u6703\u767c\u73fe\u8a72domai\u6703\u5c0d\u61c9\u591a\u500bip,\u5982\u4e0b,\u800c\u4e14\u6bcf\u500bip\u90fd\u5c0d\u61c9\u5230\u76f8\u540c\u7684\u5167\u5bb9
88.215.17.167 
67.51.31.108 
66.183.201.90 
70.57.67.175 
23.14.118.126 
95.32.70.105
66.163.159.63
68.247.85.44<\/p>\n\n\n\n


Botnet\u9632\u5236<\/strong>
\u6709\u5f88\u591a\u65b9\u6cd5\u53ef\u4ee5\u9632\u5236Botnet\uff0c\u800c\u9019\u4e9b\u65b9\u6cd5\u53ef\u4ee5\u5f9e\u5169\u500b\u65b9\u5411\u53bb\u5be6\u4f5c\uff0c\u5206\u5225\u63cf\u8ff0\u5982\u4e0b(Brezo et al, 2011)
\u4ee5\u5b78\u7fd2\u70ba\u57fa\u790e\u7684\u65b9\u5411\uff1a<\/strong>
\u3000\u3000\u7814\u7a76\u4eba\u54e1\u4f7f\u7528\u4e00\u53f0\u4e3b\u6a5f\u5efa\u7acb\u6210Honeypot(Challoo et al, 2011)\uff0c\u4e26\u8a98\u4f7fBotnet\u7684\u60e1\u610f\u7a0b\u5f0f\u611f\u67d3\u9019\u53f0\u4e3b\u6a5f\uff0c\u4e00\u4f46\u8a72\u4e3b\u6a5f\u6210\u70baBotnet\u7684\u6210\u54e1\uff0c\u5206\u6790\u4eba\u54e1\u5728\u89c0\u5bdf\u6b64\u4e3b\u6a5f\u7684\u76f8\u95dc\u6d3b\u52d5\uff0c\u50cf\u662f\u7db2\u8def\u6d3b\u52d5\u6216\u662f\u7cfb\u7d71\u6d3b\u52d5\uff0c\u4e26\u5f9e\u9019\u4e9b\u6d3b\u52d5\u627e\u51faBotnet\u7684\u5f31\u9ede\u6216\u6d3b\u52d5\u898f\u5247\uff0c\u6216\u642d\u914d\u6a5f\u5668\u5b78\u7fd2\u7684\u6280\u8853\u627e\u51fa\u76f8\u95dc\u898f\u5247\u3002
\u3000\u3000\u9664\u4e86Honeypot\u7684\u65b9\u5f0f\u5916\uff0c\u53e6\u4e00\u7a2e\u5e38\u898b\u7684\u65b9\u5f0f\u662f\u900f\u904eHoneynet(Bhatia et al, 2011)\u7684\u65b9\u5f0f\uff0c\u96d6\u7136\u90fd\u8981\u8a98\u4f7fBotnet\u611f\u67d3\u672c\u8eab\uff0c\u5728\u7531\u5206\u6790\u4eba\u54e1\u6536\u96c6\u76f8\u95dc\u6d3b\u52d5\uff0c\u4f46\u8207Honeypot\u4e0d\u540c\u7684\u662f\uff0cHoneypot\u662f\u4ee5\u55ae\u53f0\u4e3b\u6a5f\u505a\u8a18\u9304\uff0c\u800cHoneynet\u662f\u5efa\u7acb\u4e00\u500b\u7db2\u8def\uff0c\u800c\u7db2\u8def\u5167\u6709\u591a\u53f0\u4e3b\u6a5f\uff0c\u56e0\u6b64\u898f\u6a21\u53ef\u4ee5\u66f4\u5927\uff0c\u6536\u96c6\u7684\u76f8\u95dc\u8cc7\u6599\u4e5f\u66f4\u5168\u9762\u3002
\u3000\u3000\u5728\u8a98\u4f7fBotnet\u611f\u67d3Honeypot\u65b9\u9762\uff0c\u6211\u5011\u53ef\u4ee5\u76f4\u63a5\u5c07\u60e1\u610f\u7a0b\u5f0f\u4e1f\u5165Honeypot\u5167\u57f7\u884c\uff0c\u4e26\u8a18\u9304\u60e1\u610f\u7a0b\u5f0f\u7684\u6d3b\u52d5\u4ee5\u505a\u6210\u8cc7\u6599\u96c6\uff0c\u5728\u5c0d\u8cc7\u6599\u96c6\u9032\u884c\u5206\u6790\uff1b\u6216\u662f\u67b6\u8a2d\u5728\u7db2\u8def\u4e0a\uff0c\u8b93\u7db2\u8def\u4e0a\u7684\u60e1\u610f\u7a0b\u5f0f\u76f4\u63a5\u611f\u67d3Honeypot\uff0c\u5728\u6536\u96c6\u5df2\u77e5\u6216\u672a\u77e5\u7684\u60e1\u610f\u7a0b\u5f0f\u627e\u51fa\u5176\u5f31\u9ede\u3002\u4e00\u4f46\u627e\u5230Botnet\u7684\u5f31\u9ede\uff0c\u6211\u5011\u5c31\u53ef\u4ee5\u6839\u64da\u8a72\u5f31\u9ede\u5c0dBotnet\u9032\u884c\u64ca\u7834\u3002
\u4ee5\u5075\u6e2c\u70ba\u57fa\u790e\u7684\u65b9\u5411\uff1a<\/strong>
\u3000\u3000\u900f\u904eBotnet\u7684\u884c\u70ba\u6216\u7279\u5fb5\u627e\u51fa\u554f\u984c\uff0c\u50cf\u662f\u6709\u554f\u984c\u7684\u5c01\u5305\uff0c\u6709\u554f\u984c\u7684\u7528\u6236\u7aef\u7b49\uff0c\u800c\u5075\u6e2c\u65b9\u5f0f\u53ef\u4ee5\u5206\u70ba\u5169\u7a2e\uff0c\u5206\u5225\u70ba\u8aa4\u7528\u5075\u6e2c\u53ca\u7570\u5e38\u5075\u6e2c(Patcha et al, 2007; Li et al, 2009)\uff0c\u8aa4\u7528\u5075\u6e2c\u6307\u7684\u662f\u4ee5\u73fe\u6709\u7684Botnet\u898f\u5247\u53bb\u627e\u51fa\u554f\u984c\uff0c\u4e00\u4f46\u7b26\u5408Botnet\u7684\u898f\u5247\uff0c\u5247\u5224\u5b9a\u70baBotnet\uff1b\u800c\u7570\u5e38\u5075\u6e2c\u6307\u7684\u662f\uff0c\u5148\u5b9a\u7fa9\u6b63\u5e38\u4f7f\u7528\u8005\u884c\u70ba\u7684\u898f\u5247\uff0c\u800c\u672a\u7b26\u5408\u9019\u4e9b\u6b63\u5e38\u4f7f\u7528\u8005\u884c\u70ba\u7684\u898f\u5247\u5373\u70baBotnet\u3002
\u3000\u3000\u800c\u6839\u64da\u5075\u6e2c\u7684\u5730\u9ede\u4e5f\u53ef\u4ee5\u5206\u70ba\u4ee5\u4e3b\u6a5f\u578b\u5075\u6e2c\u7cfb\u7d71\u548c\u7db2\u8def\u578b\u5075\u6e2c\u7cfb\u7d71\u3002\u4e3b\u6a5f\u578b\u5075\u6e2c\u7cfb\u7d71\u7684\u5075\u6e2c\u65b9\u5f0f\u985e\u4f3c\u9632\u6bd2\u8edf\u9ad4\uff0c\u5b89\u88dd\u5728\u4e3b\u6a5f\u4e0a\u5f8c\u6703\u76e3\u63a7\u4e3b\u6a5f\u5404\u7a2e\u6d3b\u52d5\uff1b\u800c\u7db2\u8def\u578b\u5075\u6e2c\u7cfb\u7d71\u6703\u6839\u64da\u4e3b\u6a5f\u7684\u7db2\u8def\u6d41\u91cf\u505a\u5075\u6e2c\uff0c\u50cf\u662f\u5165\u4fb5\u5075\u6e2c\u7cfb\u7d71\u3001\u9632\u6bd2\u7246\u7b49\u8a2d\u5099\u7684\u5de5\u4f5c\u65b9\u5f0f\uff0c\u800c\u9019\u4e9b\u5075\u6e2c\u7cfb\u7d71\u6709\u4e9b\u662f\u4f48\u7f72\u5728\u7db2\u8def\u9aa8\u5e79\u7dda\u8def\u4e0a\uff0c\u4e00\u767c\u73fe\u554f\u984c\u5373\u53ef\u7acb\u523b\u5c01\u9396\uff1b\u6709\u4e9b\u662f\u4ee5\u76e3\u807d\u7db2\u8def\u6d41\u91cf\u7684\u65b9\u5f0f\u505a\u5075\u6e2c\uff0c\u4e00\u4f46\u767c\u73fe\u6709\u554f\u984c\u5247\u901a\u77e5\u7ba1\u7406\u8005\u3002<\/p>\n\n\n\n

ps:
\u95dc\u65bcbotnet tool: nuclear bot <\/p>\n\n\n\n

<\/p>\n\n\n\n

reference
Barford, P. & Yegneswaran, V. (2006). An inside look at botnets. In Special Workshop on Malware Detection Advances in In-formation Security.
Brezo, F., Santos, I., Bringas, P.G. & del Val, J.L. (2011). Challenges and Limitations in Current Botnet Detection. The 22nd International Workshop on Database and Expert Systems Applications, 95-101.
Bhatia, J.S., Sehgal,R.K., & Kumar, S. (2011). Honeynet Based Botnet Detection Using Command Signatures. Communications in Computer and Information Science, Vol.154, Part1, 69-78.
Challoo, R., & Kotapalli, R. (2011). Detection of Botnets using Honeypots and P2P Botnets. Journal of Computer Science and Security, Vol.5, Iss.5, 496-502.
Dagon, D., Gu, G., Lee, C.P. & Lee, W. (2007). A Taxonomy of Botnet Structures. Twenty-Third Annual Computer Security Applications Conference, 325-339.
Feily, M. Shahrestani, A. & Ramadass, S. (2009). A Survey of Botnet and Botnet Detection. Third International Conference on Emerging Security Information, Systems and Technologies, 268-273.
Han, K.S., Im, E.G., Kim, K.J. & Ahn, S.J. (2011). A Survey on P2P Botnet Detection. Proceedings of the International Conference on IT Convergence and Security, 589-593.
Kalt, C. (2000). Internet Relay Chat: Architecture. RFC 2810.
Lee, J., Jeong, H., Park, J., Kim, M. & Noh, B. (2008). The activity analysis of malicious http-based botnets using degree of periodic repeatability. International Conference on Security Technology, 83-86.
Li, C., Jiang, W., & Zou, X. (2009). Botnet: Survey and Case Study ,Innovative Computing, Information and Control, 1184-1187.
Nazario, J. (2007). Blackenergy ddos bot analysis. Technical report, Arbor Networks.
Ollmann, G. (2009). Botnet Communication Topologies. from Damballa.
Patcha, A., & Park, J.M. (2007). An overview of anomaly detection techniques: Existing solutions and latest technological trends. Journal of Computer Networks, Vol.51, Iss.12, 3488-3470.
Rodriguez-Gomez, R. A., Macia-Fernandez, G. & Garcia-Teodoro, P. (2011). Analysis of Botnets Though Life-Cycle. International Conference on Security and Cryptography, 257-262.
Stewart, J. (2004). PhatBot trojan analysis. Technical report, SecureWorks.
Stewart, J. (2004). Bobax trojan analysis. Technical report, SecureWorks.
Stewart, J. (2006). Spamthru trojan analysis. Technical report, SecureWorks.
Stewart, J. (2006). Sinit P2P Trojan Analysis. Technical report, SecureWorks.
Stewart, J. (2010). Zeus banking trojan report. Technical report, SecureWorks.
Suenaga, M. & Ciubotariu, M. (2007). Symantec: Trojan.peacomm. http:\/\/www.symantec.com
Sun, Y.d., & LI, D. (2006). Overview of botnet. Journal of Computer Applications, Iss.7.
Wang, J. H. and Laih, C. S. (2008). “An Investigation and Implementation of Botnet Detection Schemes.” Unpublished doctoral dissertation, College of Electrical Engineering and Computer Science National Cheng Kung University Master Thesis, unpublished.
Zeidanloo, H.R., Manaf, A.B.A., Ahmad, R.B., Zamani, M. & Chaeikar, S.S. (2010). A Proposed Framework for P2P Botnet Detection. IACSIT International Journal of Engineering and Technology, Vol.2, No.2.
Zhu, Z., Lu, G. & Chen, Y. (2008). Botnet Research Survey. Annual IEEE International Computer Software and Applications Conference, 967-972.<\/p>\n","protected":false},"excerpt":{"rendered":"

Botnet\u662f\u4e00\u7fa4\u611f\u67d3\u60e1\u610f\u8edf\u9ad4\u4e26\u53d7\u99ed\u5ba2\u63a7\u5236\u7684\u96fb\u8166\uff0c\u662f\u8a31\u591a\u7db2\u8def …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[39],"tags":[],"class_list":["post-385","post","type-post","status-publish","format-standard","hentry","category-concept"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/385","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=385"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/385\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=385"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=385"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=385"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}