Botnets have become one of the major security threats on today's networks, and the development of P2P botnets in particular has greatly improved botnet survivability. A botnet defense model, FLBDM, is proposed for P2P botnets. The model consists of three parts: detection, analysis, and countermeasure. First, a botnet detection model, FLDBM, is proposed based on fuzzy logic theory. Second, a honeypot network is introduced to analyze the bot programs. Finally, an authentication botnet is introduced to counter the original botnet. Simulation experiments show that, compared with CUSUM, the FLBDM defense model achieves a good detection success rate and a lower false alarm rate, and can effectively disrupt the botnet.