针对现有P2P僵尸网络抗追踪性较差的问题,提出了一种P2P僵尸网络跨域体系结构(CRA).CRA将僵尸主机间的通信严格限制在不同的域之间,并引入IP伪造技术隐藏通信的源IP.考虑到监控全球互联网的不可行性以及IP溯源的困难性,现实中防御者将很难对CRA展开追踪.模拟实验结果表明,较之当前主流的P2P僵尸网络体系结构,CRA具备更好的抗追踪性和鲁棒性.%To construct a tracking-resistant P2P botnet,a Cross-Realm Architecture (CRA) was proposed.CRA strictly restricts bots' interactions across different realms and hides the origins of bots' interactions by IP spoofing.Considering the infeasibility of monitoring the global Internet and the difficulty of IP traceback,it is very hard for defenders to track CRA in the real world.The simulation results show that compared to recent popular P2P botnet architectures,CRA has better anti-tracking performance and robustness.
展开▼