移动僵尸网络综述

doi:10.3969/j.issn.1671-1122.2015.04.004

摘要/Abstract

摘要：

随着智能终端的普及和4G通信的高速发展,移动僵尸网络的生存环境已经成熟,逐渐威胁到移动互联网的基础设施和移动网民的财产安全。现有的防御措施对这类攻击不再适用,移动僵尸网络已成为移动网络面临的重要安全问题之一。移动僵尸网络的构建依赖于移动恶意软件的传播,因此文章首先介绍了手机恶意软件的发展,随后介绍了移动僵尸网络的演化发展历程。控制与命令信道是僵尸网络研究中攻防双方争夺控制权的关键点,也是僵尸网络构建技术中重要的一环,同样也是区别于恶意软件的重要特征,移动僵尸网络不同于传统的僵尸网络,在控制与命令信道的选择上也略有差异,因此文章对移动僵尸网络的命令与控制信道进行了深入的剖析,重点讨论了短信、蓝牙、HTTP、Web2.0和一些特殊的命令与控制信道国内外研究现状。还进一步探讨了移动僵尸网络不同的传播载体、传播方式和的传播模型的发展,从经典传播模型、围绕蓝牙技术和短信技术的传播模型到更能反映移动僵尸网络特性的时空传播模型,都给出了相应的说明,并介绍了用于研究移动僵尸网络的仿真与模拟工具。最后文章结合实际的情况给出了移动僵尸网络的防御政策,为打击移动网络犯罪提供技术支撑与保障。

关键词: 移动僵尸网络, 命令与控制信道, 传播模型, 仿真工具

Abstract:

With the popularity of smart devices and the rapid development of 4G technology, the living environment of mobile botnet has been ripe. Mobile botnet has made great damages to infrastructural facilities and property of people. But current security solutions for smart phones and mobile devices are very limited in preventing those attacks. So mobile botnet has become one of the important security problems of the mobile network. Mobile botnet has a close relationship to mobile malware, because construction of mobile botnet dependents on the propagation of mobile malware. This paper first introduces the evolution process of mobile malware. The important part of a botnet construction is the command and control (C&C) channel which is the key point for both the attacker and defender for mobile network control. The mobile botnet is different than the traditional botnet in command and control channel design. Command and control channel is also a mainly sign which is the mobile botnet be distinguish from mobile malware. In order to understand the current research works and the evolution process of mobile botnet, the command and control mechanisms of mobile botnet are discussed. The situation of the command and control based on SMS, Bluetooth, HTTP, Web 2.0 and others researches are analyzed and compared. And the different kinds of propagation of mobile botnet are further more discussed. In this part, to understand the propagation behavior of mobile botnets, many propagation models of mobile botnet as a foundation for further exploration. Those propagation models include deterministic epidemic models, stochastic models and spatialtemporal models. To study the mobile botnet is to connect with the simulator of mobile botnet. Mathematical models simulator, event-based simulator, trace-driven simulator and agent-based simulator of mobile botnet are reviewed. At last, the defense policies of mobile botnet are proposed. The defense policies can help defenders develop defense strategies or make prevention policy to block the propagation of the moblie botnet. And it is important and practical significance for protecting mobile network security and attacking mobile network crime. So the study mobile botnet is very valuable to provide a workable solution to enhance the defense ability of mobile network.

Key words: mobile botnet, command and control channel, propagation model, simulator

中图分类号:

TP309

李娜, 杜彦辉, 高峰. 移动僵尸网络综述[J]. 信息网络安全, 2015, 15(4): 19-27.

LI Na, DU Yan-hui, GAO Feng. Survey of Mobile Botnet[J]. Netinfo Security, 2015, 15(4): 19-27.

图/表 2

参考文献 64

[1]	Corporation S.Internet Security Threat Report (ISTR)[R]. California: Symantec Corporation, 2014.
[2]	Apvrille A.Symbian worm Yxes: Towards mobile botnets?[J]. Journal in Computer Virology, 2012, 8(4): 117-131.
[3]	Hua J, Sakurai K.A sms-based mobile botnet using flooding algorithm, Information Security Theory and Practice[J]. Security and Privacy of Mobile Devices in Wireless Communication: Springer, 2011: 264-279.
[4]	Hamandi K, Elhajj I H, Chehab A, et al.Android SMS botnet: a new perspective[C]// Proceedings of the 10th ACM international symposium on Mobility management and wireless access, 2012: 125-130.
[5]	Geng G, Xu G, Zhang M, et al.The design of sms based heterogeneous mobile botnet[J]. Journal of Computers, 2012, 7(1): 235-243.
[6]	Zeng Y, Shin K G, Hu X.Design of SMS commanded-and-controlled and P2P-structured mobile botnets[C]// Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks, 2012: 137-148.
[7]	Mtibaa A, Harras K A, Alnuweiri H.Malicious attacks in Mobile Device Clouds: A data driven risk assessment[C]//Computer Communication and Networks (ICCCN), 2014 23rd International Conference on, 2014: 1-8.
[8]	Singh K, Sangal S, Jain N, et al.Evaluating bluetooth as a medium for botnet command and control[J]. Detection of Intrusions and Malware, and Vulnerability Assessment: Springer, 2010: 61-80.
[9]	Hua J, Sakurai K.Botnet command and control based on Short Message Service and human mobility[J]. Computer Networks, 2013, 57(2): 579-597.
[10]	Jiang R M, Jhang J S, Hsu F H, et al.JokerBot-An Android-Based Botnet[J]. Applied Mechanics and Materials, 2013, (284): 3454-3458.
[11]	王晓飞, 张大方, 苏欣. 综合短信和HTTP协议C&C信道的移动僵尸网络设计[J]. 小型微型计算机系统, 2014, (07): 1458-1463.
[12]	Wang P, Zhang C, Li X, et al.A Mobile Botnet Model Based on Android System[J]. Trustworthy Computing and Services, 2014: 54-61.
[13]	耿贵宁, 陈冬青, 高海辉, et al.移动僵尸网络的设计及分析[J]. 清华大学学报(自然科学版), 2011, (10): 1329-1334.
[14]	Pieterse H, Olivier M.Design of a hybrid command and control mobile botnet[C]//Academic Conferences and Publishing International Ltd..2013.1-10.
[15]	Cui X, Fang B, Yin L, et al.Andbot: towards advanced mobile botnets[C]//Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats, 2011: 11-11.
[16]	Wang S, Cui X, Liao P, et al.S-URL Flux: A Novel C&C Protocol for Mobile Botnets[J]. Trustworthy Computing and Services: Springer, 2013: 412-419.
[17]	Tanner B K, Warner G, Stern H, et al.Koobface: The evolution of the social botnet[C]// eCrime Researchers Summit (eCrime), 2010: 1-10.
[18]	Thomas K, Nicol D M.The Koobface botnet and the rise of social malware[C]//Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on, 2010: 63-70.
[19]	Kartaltepe E J, Morales J A, Xu S, et al.Social network-based botnet command-and-control: emerging threats and countermeasures[J]. Applied Cryptography and Network Security, 2010: 511-528.
[20]	Li Y, Zhai L, Wang Z, et al.Control Method of Twitter-and SMS-Based Mobile Botnet[J], Trustworthy Computing and Services: Springer, 2013: 644-650.
[21]	Lee S, Kim J.Fluxing botnet command and control channels with URL shortening services[J]. Computer Communications, 2013, 36(3): 320-332.
[22]	Faghani M R, Nguyen U T.Socellbot: A new botnet design to infect smartphones via online social networking[C]//Electrical & Computer Engineering (CCECE), 2012 25th IEEE Canadian Conference on, 2012: 1-5.
[23]	Zhao S, Lee P P, Lui J, et al.Cloud-based push-styled mobile botnets: a case study of exploiting the cloud to device messaging service[C]//Proceedings of the 28th Annual Computer Security Applications Conference, 2012: 119-128.
[24]	Lee H, Kang T, Lee S, et al.Punobot: Mobile Botnet Using Push Notification Service in Android[J]. Information Security Applications: Springer, 2014: 124-137.
[25]	Chen W, Gong P, Yu L, et al.An adaptive push-styled command and control mechanism in mobile botnets[J]. Wuhan University Journal of Natural Sciences, 2013, 18(5): 427-434.
[26]	Schlegel R, Zhang K, Zhou X-Y, et al.Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones[C]//NDSS, 2011: 17-33.
[27]	Reed T, Geis J, Dietrich S.SkyNET: A 3G-Enabled Mobile Attack Drone and Stealth Botmaster[C]// WOOT, 2011: 28-36.
[28]	百度百科. XX神奇[EB/OL]. , 2014-12-11.
[29]	CSDN. Wire Lurker肆意横行,苹果无病毒神话被终结[EB/OL]. .
[30]	symantec. Android.Notcompatible[EB/OL]. , 2.14-12-11.
[31]	Martin J C, Burge Iii L L, Gill J I, et al. Modelling the spread of mobile malware[J]. International Journal of Computer Aided Engineering and Technology, 2010, 2(1): 3-14.
[32]	Mickens J W, Noble B D.Modeling epidemic spreading in mobile environments[C]//Proceedings of the 4th ACM workshop on Wireless security, 2005: 77-86.
[33]	夏玮, 李朝晖, 陈增强, et al.基于速度分段的手机蓝牙病毒传播模型[J]. 计算机工程, 2008, (09): 10-12.
[34]	Yan G, Eidenbenz S.Modeling propagation dynamics of bluetooth worms[C]// Distributed Computing Systems, 2007. ICDCS'07. 27th International Conference on, 2007: 42-42.
[35]	Rhodes C J, Nekovee M.The opportunistic transmission of wireless worms between mobile devices[J]. Physica A: Statistical Mechanics and Its Applications, 2008, 387(27): 6837-6844.
[36]	Murynets I, Jover R P.How an SMS-Based malware infection will get throttled by the wireless link[C]//Communications (ICC), 2012 IEEE International Conference on, 2012: 960-965.
[37]	Gao C, Liu J.Modeling and predicting the dynamics of mobile virus spread affected by human behavior[C]//World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2011 IEEE International Symposium on a, 2011: 1-9.
[38]	Cheng S-M, Ao W C, Chen P-Y, et al.On modeling malware propagation in generalized social networks[J]. Communications Letters, IEEE, 2011, 15(1): 25-27.
[39]	Ramachandran K K, Sikdar B.Modeling Malware Propagation in Networks of Smart Cell Phones with Spatial Dynamics[C]// INFOCOM, 2007: 2516-2520.
[40]	Xia W, Li Z-H, Chen Z-Q, et al.Commwarrior worm propagation model for smart phone networks[J]. The Journal of China Universities of Posts and Telecommunications, 2008, 15(2): 60-66.
[41]	Fan Y, Zheng K, Yang Y.Epidemic model of mobile phone virus for hybrid spread mode with preventive immunity and mutation[C]//Wireless Communications Networking and Mobile Computing (WiCOM), 2010 6th International Conference on, 2010: 1-5.
[42]	Lu Z, Wang W, Wang C.How can botnets cause storms? Understanding the evolution and impact of mobile botnets[C]// INFOCOM, 2014 Proceedings IEEE, 2014: 1501-1509.
[43]	Peng S, Wang G.Worm propagation modeling using 2D cellular automata in bluetooth networks[C]// Trust, Security and Privacy in Computing and Communications (TrustCom), 2011 IEEE 10th International Conference on, 2011: 282-287.
[44]	Szongott C, Henne B, Smith M.Evaluating the threat of epidemic mobile malware[C]// Wireless and Mobile Computing, Networking and Communications (WiMob), 2012 IEEE 8th International Conference on, 2012: 443-450.
[45]	Riley G F, Sharif M L, Lee W.Simulating internet worms[C]// Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, 2004.
	(MASCOTS 2004). Proceedings. The IEEE Computer Society's 12th Annual International Symposium on, 2004: 268-274.
[46]	Channakeshava K, Chafekar D, Bisset K, et al.EpiNet: a simulation framework to study the spread of malware in wireless networks[C]// Proceedings of the 2nd International Conference on Simulation Tools and Techniques, 2009: 6.
[47]	Channakeshava K, Bisset K, Kumar V A, et al.High performance scalable and expressive modeling environment to study mobile malware in large dynamic networks[C]// Parallel & Distributed Processing Symposium (IPDPS), 2011 IEEE International, 2011: 770-781.
[48]	Traynor P, Lin M, Ongtang M, et al.On cellular botnets: measuring the impact of malicious devices on a cellular network core[C]// Proceedings of the 16th ACM conference on Computer and communications security, 2009: 223-234.
[49]	UDelModels. UDelModels[EB/OL]. .
[50]	Adeel M, Tokarchuk L N.MPeersim: Simulation environment for mobile P2P networks[C]// Software, Telecommunications and Computer Networks (SoftCOM), 2011 19th International Conference on, 2011: 1-6.
[51]	Fleizach C, Liljenstam M, Johansson P, et al.Can you infect me now?: malware propagation in mobile phone networks[C]//Proceedings of the 2007 ACM workshop on Recurring malcode, 2007: 61-68.
[52]	Su J, Chan K K, Miklas A G, et al.A preliminary investigation of worm infections in a bluetooth environment[C]// Proceedings of the 4th ACM workshop on Recurring malcode, 2006: 9-16.
[53]	Bose A, Shin K G.On mobile viruses exploiting messaging and bluetooth services[C]// Securecomm and Workshops, 2006: 1-10.
[54]	吕从东,韩臻,马威. 云存储服务端数据存储加密机制的设计和实现[J]. 信息网络安全,2014,(6):1-5.
[55]	聂金慧,苏红旗. 物联网位置数据安全策略研究[J]. 信息网络安全,2014,(6):6-10.
[56]	周国安,李强,陈新,等. 云环境下海量小文件存储技术研究综述[J]. 信息网络安全,2014,(6):11-17.
[57]	梅瑞,孟正,霍玮. 典型文档类CVE漏洞检测工具的研究与实现[J]. 信息网络安全,2014,(6):18-22.
[58]	孙哲,刘大光,武学礼,等. 基于模糊测试的网络协议自动化漏洞挖掘工具设计与实现[J]. 信息网络安全,2014,(6):23-30.
[59]	刘楠,文伟平. 基于结构比对的软件同源综合检测工具的设计与实现[J]. 信息网络安全,2014,(6):31-38.
[60]	宁戈,张涛,文伟平,等. 一种非堆喷射的IE浏览器漏洞利用技术研究[J]. 信息网络安全,2014,(6):39-42.
[61]	刘望桐,罗森林. Windows主机键盘记录技术对比分析[J]. 信息网络安全,2014,(6):43-47.
[62]	陈达, 马威, 李晓勇. 一种单向安全隔离与信息交换机制[J]. 信息网络安全,2014,(6):48-52.
[63]	张毅,王伟,王刘程,等. 一种基于可信计算技术的源代码安全审查模型[J]. 信息网络安全,2014,(10):1-6.
[64]	杨婧,范梦迪,高雄智,等. 一种改进的MP3被动篡改定位检测算法[J]. 信息网络安全,2014,(10):7-10.