Damage caused by malware on the Internet has recently become increasingly serious; common malicious behaviours include relaying spam, denial-of-service (DoS) attacks and distributed denial-of-service (DDoS) attacks. Botnets are one of the most serious threats to the network. A traditional botnet has three parts: the botmaster, the command and control (C&C) servers, and the bots, which are computers into which malware has been implanted. The C&C servers receive commands from the botmaster and control the behaviour of the bots (carrying out the malicious actions). Bots usually rely on DNS to locate the C&C servers before they can communicate with them, and most published work identifies bot behaviour by analysing DNS traffic statistics. This thesis proposes a new botnet architecture, a hybrid peer-to-peer social botnet, which uses Web 2.0 technology to hide the messages sent by the botmaster inside social networking sites: the social sites act as the C&C servers and the C&C instructions are concealed within them. This approach reduces the DNS traffic generated by botnet communication. Experimental statistics show that the architecture produces 98% less DNS traffic than IRC-based and HTTP-based botnets, which effectively prevents bots from being identified by DNS traffic statistics or by domain name.
Recently, malware attacks over the Internet, whether by e-mail spam, denial of service (DoS) or distributed denial of service (DDoS), have become more serious. Botnets have become a significant part of Internet malware attacks. A traditional botnet consists of three parts: the botmaster, command and control (C&C) servers and bots. The C&C servers receive commands from the botmaster and remotely control the bots. Bots use DNS to locate the C&C servers. In this thesis, we propose an advanced hybrid peer-to-peer (P2P) social botnet (AHPS botnet) that uses Web 2.0 technology to hide the botmaster's instructions in social sites, which serve as the C&C servers. Servent bots act as sub-C&C servers that fetch the instructions from the social sites. The AHPS botnet can evaluate the performance of servent bots, reduce DNS traffic from bots to C&C servers, and make bot activity harder to detect than in IRC-based botnets.
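The abstract's evasion claim rests on how DNS-based bot detectors work: a bot that re-resolves its C&C name before every poll stands out as a host hammering one name, whereas a bot that resolves a popular social site once and then hides its polling inside ordinary web traffic does not. The following is an added example, not code from the thesis, of such a detector run over a constructed DNS log; the hosts, domain names, window and thresholds are assumptions chosen for illustration, and the detector is a generic per-host query-frequency check, not the specific statistics used in the papers the abstract refers to.

```python
"""
DNS query-frequency bot detection over a constructed DNS log.

Shows why a detector that counts DNS lookups flags a bot that re-resolves
its C&C name on every poll, but not a bot that resolves a public social
site once and then polls it over plain HTTP(S) with no further DNS traffic.
All hosts, names and thresholds are assumptions for this example.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

Record = Tuple[int, str, str]  # (unix time, client IP, queried name)


def constructed_log() -> str:
    """Build the sample log (constructed, not captured): '<epoch> <ip> <qname>'."""
    base = 1700000000
    lines = []
    # 10.0.0.5: IRC-style bot re-resolving its C&C name every 30 s for 10 min.
    for t in range(0, 600, 30):
        lines.append(f"{base + t} 10.0.0.5 cc.example.net")
    # 10.0.0.7: ordinary user, a handful of distinct names over the same window.
    for t, name in [(5, "www.example.com"), (40, "cdn.example.com"),
                    (90, "mail.example.org"), (200, "www.example.net"),
                    (330, "static.example.com"), (410, "api.example.org"),
                    (500, "www.example.edu")]:
        lines.append(f"{base + t} 10.0.0.7 {name}")
    # 10.0.0.9: AHPS-style bot; one lookup of the social site, then cached.
    lines.append(f"{base + 3} 10.0.0.9 social.example.com")
    return "\n".join(lines)


def parse_dns_log(text: str) -> List[Record]:
    """Parse '<epoch> <client_ip> <qname>' lines, skipping malformed ones."""
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1], parts[2].lower().rstrip(".")))
    return records


def per_host_stats(records: List[Record], window_s: int) -> Dict[str, dict]:
    """Per client: total queries, distinct names, repeats of the top name, rate/min."""
    by_host: Dict[str, List[str]] = defaultdict(list)
    for _, src, name in records:
        by_host[src].append(name)
    stats: Dict[str, dict] = {}
    for src, names in by_host.items():
        counts: Dict[str, int] = defaultdict(int)
        for n in names:
            counts[n] += 1
        top_name, top_repeats = max(counts.items(), key=lambda kv: kv[1])
        stats[src] = {
            "total": len(names),
            "distinct": len(counts),
            "top_name": top_name,
            "top_repeats": top_repeats,
            "rate_per_min": len(names) * 60 / window_s,
        }
    return stats


def flag_polling_bots(stats: Dict[str, dict], min_repeats: int = 10,
                      max_distinct_ratio: float = 0.25) -> List[str]:
    """Flag hosts that hammer one name: many repeats and few distinct names."""
    flagged = []
    for src, s in stats.items():
        ratio = s["distinct"] / s["total"]
        if s["top_repeats"] >= min_repeats and ratio <= max_distinct_ratio:
            flagged.append(src)
    return sorted(flagged)


def analyse(text: str, window_s: int = 600) -> Tuple[Dict[str, dict], List[str]]:
    """Run the detector over a log covering window_s seconds."""
    stats = per_host_stats(parse_dns_log(text), window_s)
    return stats, flag_polling_bots(stats)


if __name__ == "__main__":
    host_stats, flagged_hosts = analyse(constructed_log())
    for src, s in sorted(host_stats.items()):
        print(src, s)
    print("flagged:", flagged_hosts)
```

Over this constructed window the IRC-style bot is the only host flagged, while the AHPS-style bot produces a single lookup of a domain that also appears in legitimate traffic, which is exactly the blind spot the abstract describes. A practitioner relying on this class of detector would therefore have to look at the HTTP(S) side as well, since the DNS side is where the 98% reduction removes the signal.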