
Multi-layered Signatures Analysis and Detection for Botnet

Advisor: 魯大德

Abstract


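With advances in network technology and the spread of the Internet, malicious behavior on the network is also increasing, such as relaying spam, denial-of-service (DoS) attacks and distributed denial-of-service (DDoS) attacks. Botnets are one important part of this malicious activity. A botnet is usually divided into three parts: the botmaster, the C&C (Command and Control) server and the bots, and the key to a botnet's operation is the communication among them. For this reason, most published papers on detecting botnet behavior and defending against botnets either collect statistics on DNS traffic or judge from that traffic whether it is botnet behavior, and thereby detect whether a host has become a bot, or they inspect network traffic and judge from its traffic behavior whether a host is infected. This thesis combines different protocols (TCP, UDP), statistics on highly repetitive payloads, and specific port numbers, and uses data mining clustering, with multi-layered feature extraction such as clustering by content keyword, to block that communication. Experimental results show that the multi-layered feature extraction approach achieves complete blocking and avoids the false positives that arise from similarity to certain normal behavior. Because rule matching is carried out per protocol group, it is also faster than detection approaches that must check every signature.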

Parallel Abstract


In recent years, malware attacks over the Internet have become more serious, through spam e-mail, denial of service (DoS) and distributed denial of service (DDoS). Botnets have become a significant part of these Internet malware attacks. In this thesis, we develop a mechanism called the Multi-layered Signatures Analysis and Detection System to detect and analyze the signatures of botnets. The objective is to identify botnet behaviors. However, botnets have many different behaviors and signatures. Data mining methods are applied to search for, detect and statistically analyze the important signature payloads in TCP and UDP packets. The mechanism bypasses normal communication patterns that have behaviors similar to those of botnets. The system can also identify the traffic flows of botnets.

