The new threat to internet: DNP attack with the attacking flows strategizing technology

Distributed network paralyzing (DNP) attack, a kind of distributed denial‐of‐service attack that utilize botnet to congest and paralyze autonomous system level network, is a serious threat to network security. In this article, it is indicated that the most difficulty of DNP attack is strategizing DNP attacking flows automatically from the perspective of the attacker. For this outstanding issue, we introduce the DNP attacking flows strategizing technology, which can help an attacker to launch DNP attack efficiently through a series of attacking resources division–target links and attacking paths orientation–flux planning process. Through simulation, we demonstrate that the feasibility of attacking flows strategizing technology and prove that an attacker who controls a large‐scale botnet can utilize DNP attack to seriously threat the network security. At last, from the perspective of the defender, it is indicated that the network security researcher should strengthen the relevant research to defend the DNP attack. Copyright © 2014 John Wiley & Sons, Ltd.     

主动网络流水印技术研究进展

在匿名网络环境下通信双方关系确认、僵尸网络控制者追踪、中间跳板主机发现等方面,以被动网络流量分析（passive traffic analysis）为核心的传统入侵检测与流关联技术存在空间开销大、实时性差、识别率低、灵活性欠佳、难以应对加密流量等明显缺点。而将主动网络流量分析与数字水印思想相融合的主动网络流水印（ANFW, active network flow watermark）技术能有效克服传统被动网络流量分析方法的不足,已引起了国内外学者的广泛关注。首先阐述了ANFW机制的通用模型,总结了ANFW技术的分类及所涉及的角色关系;其次,详细综述了近年来提出的多种典型的基于不同网络流特征的ANFW技术,并进行对比性总结;最后,概述了当前ANFW技术自身安全威胁及应对措施现状,展望了其未来的研究方向。     

僵尸网络技术发展新趋势分析

近年来,僵尸网络不断发展,已经成为一项能够带来高额利益的地下黑色产业.本文提出僵尸网络控制者面临的主要挑战,以及其未来可能采取的应对这些挑战的方法.本文介绍了一些可能用来提高僵尸网络能力的方法,包括利用层次化的和可扩展的方式来构建僵尸程序、利用Metasploit等来快速构建攻击方法、利用Gnutella和Skype等系统构建P2P网络、利用数字签名进行认证等方法等,隐蔽的通信频道研究可用使僵尸网络更加可靠、易扩展,使僵尸网络更加难以被清除.     

使用时空相关性分析检测加密僵尸网络流量

In this paper, we propose a novel method to detect encrypted botnet traffic. During the traffic preprocessing stage, the proposed payload extraction method can identify a large amount of encrypted applications traffic. It can filter out a large amount of non-malicious traffic, greatly improving the detection efficiency. A Sequential Probability Ratio Test (SPRT)-based method can find spatial-temporal correlations in suspicious botnet traffic and make an accurate judgment. Experimental results show that the false positive and false negative rates can be controlled within a certain range.