Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnets are highly destructive, enabling, for example, credit card theft or distributed denial-of-service attacks. It is therefore important to understand botnet behavior and topological structure. We propose a new ontology and a set of inference rules that, combined with a machine learning algorithm, automatically determine the botnet topology graph. Experimental results show that, compared with previous research, the method determines the botnet topology graph with the shortest inference time and high accuracy.

Hackers increasingly use fast-flux techniques to extend the lifetime of malware in order to conduct various Advanced Persistent Threat (APT) activities. Such activities generally target nations or organizations for business or political motives and have the potential to cause enormous damage. It is therefore essential to study fast-flux service networks and identify possible attack behaviors. Using honeypot logs and association rule mining, the mechanism reduces human effort and the entire system can operate automatically. Our experimental results show that the prediction system is workable for protecting assets from attacks or misuse.
Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance, such as credit card theft or distributed denial-of-service (DDoS) attacks, is quite devastating, so it is important to understand botnet behavior, topology and structure. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The results presented in this dissertation indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and a high degree of accuracy compared to previous research.

Hackers have increasingly used fast-flux techniques to extend the lifetime of malware networks in order to conduct various Advanced Persistent Threat (APT) activities. Such activities typically target nations and/or organizations for business or political motives and have the potential to cause immense disruption. Thus, it is essential to study the fast-flux service network and find possible attack behaviors. With honeypot logs and association rule mining, the proposed mechanism can reduce human effort, and the entire system can operate automatically. The results of our experiments indicate that the prediction system is workable for protecting assets from attacks or misuse.