To deal with traditional security technologies' low efficiency when opposing the botnet based on P2P,through the study of networked behavior and host behavior of P2P viruses,a defense system based on domain on the basis of the common characteristics of P2P botnet is designed and a way to deal with the situation that it can' t recognize bot due to no IP focus is thrown out.The system take the hierarchical structure,combine the host evil behavior and the recognizable technology of P2P stream,and get the communication characteristic vector of P2P hornet.The simulation experiment proves the system has a high efficiency and generality.%针对当前传统安全技术不能对P2P环境下的僵尸网络进行有效防御的问题,在P2P僵尸网络病毒的一般性行为特征的基础上,设计了一种基于域的P2P僵尸网络的防御体系,并提出了利用僵局网络通信数据流特征向量的相似度分析解决因僵尸结点过少,无法检测出IP聚焦而无法识别僵尸结点的问题.该防御体系采用层次化结构,按P2P网络的逻辑地址段划分域,在城内采用将主机恶意行为与P2P流识别相结合的方法判别僵尸网络的通信数据流并提取特征向量.实验结果表明,该体系具有较高的性能和通用性.
展开▼
