| 引用本文: | 周安民,钟毅,左政,张磊.D-BitBot:比特币网络双向通信的P2P僵尸网络模型[J].哈尔滨工业大学学报,2020,52(5):66.DOI:10.11918/201904033 |
| ZHOU Anmin,ZHONG Yi,ZUO Zheng,ZHANG Lei.D-BitBot: a P2P duplex botnet model in Bitcoin network[J].Journal of Harbin Institute of Technology,2020,52(5):66.DOI:10.11918/201904033 |
|
| 摘要: |
| 公有区块链网络(如比特币、以太坊等)具有匿名、难以被关闭的特点,被用于僵尸网络的通信模型研究中,但现有研究中的方法存在网络扩展代价高和回传通道易被溯源的问题.针对上述问题,本文提出D-BitBot,一种基于比特币网络双向通信的点对点(P2P)僵尸网络模型构建方法.该方法使用比特币测试网络作为回传信道,可有效降低数据回收的成本和网络扩展的代价,且能提高回传信道抗溯源的能力;为解决传统僵尸网络上线方式的单点故障缺陷,本文提出一种基于比特币区块链的节点上线机制;另外,为抵御路由表节点注入攻击和僵尸网络节点爬取,本文提出一种基于IP地址加盐哈希排序的节点列表交换算法.实验结果表明,在仿真环境中的D-BitBot上线率达到100%,且具有良好的鲁棒性;在节点请求和节点爬取测试中,本文所提出的算法能有效抵御路由表节点注入攻击和降低现有爬取算法的节点发现率.最后,本文基于3个不同的层面提出可能的抵御方式,并针对本文采用信道的鲁棒性对进行相应的分析和论述. |
| 关键词: 僵尸网络 比特币 区块链 P2P 网络仿真 |
| DOI:10.11918/201904033 |
| 分类号:TP311.13 |
| 文献标识码:A |
| 基金项目:国家重点研发计划资金(2017YFB0802900) |
|
| D-BitBot: a P2P duplex botnet model in Bitcoin network |
|
ZHOU Anmin1,ZHONG Yi1,ZUO Zheng2,ZHANG Lei1
|
|
(1.College of Cybersecurity, Sichuan University, Chengdu 610065, China; 2.College of Electronics and Information Engineering, Sichuan University, Chengdu 610065, China)
|
| Abstract: |
| Botnets choose blockchain networks (such as Bitcoin and Ethereum) as the communication channel for their command-and-control (C&C) mechanism because blockchain networks are anonymous and hard to shut down. Recent research focuses on this mechanism, but the research methods have such defects that the scalability is restricted, and the upstream channel is vulnerable to existing tracing techniques. To solve these problems, D-BitBot, a peer-to-peer (P2P)-based duplex botnet model which utilizes the Bitcoin testnet as the upstream channel is proposed in this paper. The C&C channel used in this model is hard to trace and reduces the cost of data recovery and network scalability. To avoid single point of failure in traditional botnet bootstrap procedure, a Bitcoin blockchain based bootstrap mechanism is presented. Further, to defend against direct routing table poisoning and P2P botnet crawling, a novel peer list exchange algorithm based on the sorted hash values of IP addresses and random salt values is proposed. According to the result of P2P simulation, D-BitBot provided robust network connectivity with an online rate of 100%. In the node request and node crawling algorithm, the proposed algorithm was effective against direct routing table poisoning and reduced the node detection rate of the current crawling algorithm. Lastly, possible countermeasures and the robustness of the proposed C&C channel were discussed at the end of this paper. |
| Key words: botnet Bitcoin blockchain P2P network simulation |
