Research on Key Technologies of Botnets for Mobile Networks (面向移动网络的僵尸网络关键技术研究)
Abstract
Mobile Internet security is an emerging field. To investigate the security threats that may exist on this platform, representative malicious attack behaviours have to be studied and analysed. Whenever a new platform begins to gain adoption, research into malicious attacks on it faces many challenges, such as a lack of background knowledge, a lack of typical attack cases, and a lack of guiding methodology. Through a mobile botnet platform an attacker can easily harvest users' private information, mount call-eavesdropping attacks, launch SMS DDoS and telephone DDoS attacks, subscribe victims to expensive SP (service provider) services, and so on. At this stage, research on botnets for mobile networks is more an art that rewards individual creativity than a mature science. Research on mobile botnets, both in China and abroad, is still in its infancy, and related work is relatively scarce.
     This thesis takes the state of mobile Internet security and research on malicious attack techniques as its main line, and the security of smart mobile terminals as its starting point. It studies in depth the key technologies of botnets for the mobile Internet: their distinctive characteristics, command-and-control (C&C) network architecture, attack behaviour and communication behaviour. It then extends these key technologies to construct APT attack scenarios based on mobile botnets, with the aim of deepening defenders' understanding of botnets through continued active-defence research. The main work is as follows:
     (1) Building on a study of the security threats, attack patterns and malicious-behaviour characteristics faced by smart mobile terminals, the thesis proposes a mobile botnet model controlled through SNS (social networking services) and SMS. The attacker controls the whole botnet through a public social-network server; at the server's logical layer the botnet presents a multi-account P2P structure whose topology the attacker can define freely. For bot nodes judged unreachable over 3G/WiFi, a C&C channel built on the short message service is used to probe the nodes' state and to recover a social-network C&C channel that has collapsed, thereby improving the robustness of the botnet.
     (2) Building on the mobile botnet research, the thesis further studies APT attacks as an extended form of botnet behaviour and proposes a formal definition of an APT as a five-tuple, intended mainly to capture the process by which an attacker continually penetrates the target. It designs and implements an APT attack scenario based on the behavioural characteristics of mobile botnets, built around the attack objective as its core; it proposes two levels of attack-object sets to express a multi-dimensional attack approach, and constructs four attack channels and two attack behaviours to express the idea of multi-path penetration.
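The dual-channel C&C design in contribution (1), primary commands over public SNS accounts, SMS as the fallback for nodes with no 3G/WiFi path and as the recovery path when the SNS channel collapses, is easiest to reason about as a channel-selection state machine. The following simulation is an added example, not code from the thesis: the bot identifiers, phone numbers, account names, message shapes and failure model are assumptions chosen for illustration, and nothing in it touches a real network. The `reachable()` method also shows why the design improves robustness, by comparing how many nodes an SNS-only botmaster could still reach under the same failures.

```python
"""Dual-channel mobile-botnet C&C failover, modelled as an offline simulation.

Added example (not the thesis's own code): bot identifiers, phone numbers,
account names, the message shapes and the failure model are assumptions
chosen for illustration. Nothing here talks to a real network.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Channel(Enum):
    SNS = "sns"   # primary: commands read from public social-network accounts over 3G/WiFi
    SMS = "sms"   # fallback: short messages, used when a node has no 3G/WiFi path


@dataclass
class Bot:
    bot_id: str
    phone: str                      # needed only for the SMS fallback
    ip_reachable: bool              # True when the node can reach the SNS server over 3G/WiFi
    sns_account: str                # the (assumed) account this node polls for commands
    last_channel: Optional[Channel] = None


@dataclass
class C2Simulator:
    """Botmaster-side view of the botnet, used to show the channel-selection logic."""
    sns_up: bool = True             # False once the SNS accounts/server are unusable
    bots: Dict[str, Bot] = field(default_factory=dict)
    log: List[tuple] = field(default_factory=list)

    def register(self, bot: Bot) -> None:
        self.bots[bot.bot_id] = bot

    def choose_channel(self, bot: Bot) -> Channel:
        """Use SNS only when both the server and this node's IP path are usable; else SMS."""
        if self.sns_up and bot.ip_reachable:
            return Channel.SNS
        return Channel.SMS

    def probe(self, bot_id: str) -> dict:
        """Ask one node for its state over whichever channel is currently usable."""
        bot = self.bots[bot_id]
        ch = self.choose_channel(bot)
        bot.last_channel = ch
        self.log.append((bot_id, ch.value, "probe"))
        return {"bot": bot_id, "channel": ch.value, "ip_reachable": bot.ip_reachable}

    def recover_sns(self, new_account: str) -> List[str]:
        """Disaster recovery for a collapsed SNS channel (e.g. accounts suspended):
        push the replacement rendezvous account to every node over SMS, then
        treat SNS as usable again. Returns the ids of the nodes that were notified."""
        notified = []
        for bot in self.bots.values():
            bot.sns_account = new_account
            bot.last_channel = Channel.SMS
            self.log.append((bot.bot_id, Channel.SMS.value, f"rendezvous:{new_account}"))
            notified.append(bot.bot_id)
        self.sns_up = True
        return notified

    def reachable(self, sms_enabled: bool) -> int:
        """Number of nodes the botmaster can currently reach. With sms_enabled=False
        this is what a single-channel (SNS-only) design achieves under the same
        failures, which is exactly the robustness gain the dual-channel design buys."""
        count = 0
        for bot in self.bots.values():
            if self.sns_up and bot.ip_reachable:
                count += 1
            elif sms_enabled:
                count += 1
        return count


def demo() -> dict:
    """Walk through the scenario: one node has no 3G/WiFi, then the SNS channel collapses."""
    c2 = C2Simulator()
    c2.register(Bot("bot-a", "+10000000001", ip_reachable=True, sns_account="acct-1"))   # constructed
    c2.register(Bot("bot-b", "+10000000002", ip_reachable=False, sns_account="acct-1"))  # constructed
    first = {b: c2.probe(b)["channel"] for b in ("bot-a", "bot-b")}   # bot-b already needs SMS
    single_vs_dual = (c2.reachable(sms_enabled=False), c2.reachable(sms_enabled=True))
    c2.sns_up = False                                                  # SNS accounts taken down
    while_down = (c2.reachable(sms_enabled=False), c2.reachable(sms_enabled=True))
    notified = c2.recover_sns("acct-2")                                # new rendezvous pushed over SMS
    after = {b: c2.probe(b)["channel"] for b in ("bot-a", "bot-b")}   # bot-a is back on SNS
    return {"first": first, "single_vs_dual": single_vs_dual, "while_down": while_down,
            "notified": notified, "after": after,
            "accounts": {b.bot_id: b.sns_account for b in c2.bots.values()}}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two failure modes the abstract separates: a node with no IP path is served over SMS from the start, while a collapse of the SNS channel itself is survived only because the SMS path can carry the new rendezvous account; an SNS-only botmaster would reach zero nodes during that outage. For a defender, the same table reads the other way: taking down the SNS accounts is not enough, and SMS traffic carrying account names after a takedown is the signal to look for.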