| Student: | 陳天豪 Tian-Hao Chen |
|---|---|
| Thesis title: | 透過封包分析偵測並瓦解僵屍網路 Botnet Detection and Collapse based on Traffic Analysis |
| Advisor: | 曾黎明 Li-Ming Tseng |
| Oral examination committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Academic year of graduation: | 97 |
| Language: | Chinese |
| Page count: | 34 |
| Chinese keywords: | 網際網路中繼聊天 (Internet Relay Chat), 僵屍 (bot), 僵屍網路 (botnet), 域名轉向 (DNS hijacking), 網路安全 (network security) |
| English keywords: | IRC, bot, botnet, DNS hijacking, network security |
| Access counts: | Views: 8, Downloads: 0 |
Computer network security today faces threats from trojans, worms, distributed denial-of-service attacks and phishing spam, and the force behind all of these is the botnet.
A botnet is a new form of attack that evolved from traditional malware; its distinguishing feature is that it gives the attacker a covert, flexible, one-to-many way to direct bots to carry out tasks. Botnets communicate mainly over the IRC protocol, so this thesis takes IRC-based botnet malware as its research focus: DNS redirection is used to gather the computers infected with the bot into one place and cut off their contact with the attacker, and packet analysis is then used to work out how the bots are controlled, so that the compromised computers can be helped to disinfect. The experimental results confirm that our method is feasible: the infected computers were successfully gathered together, and a way to help them remove the infection was found.
A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mail, stealing personal information, and launching DDoS attacks. Botnets evolved from conventional malicious programs; their distinguishing features are that they give the attacker secrecy, flexibility and very powerful capability.
IRC is the most common botnet command and control mechanism because it is scalable and easy to hide within. In this paper we therefore focus on IRC-based bot malware, using DNS hijacking to converge the computers infected with the bot and thereby take over their connection to the hackers. We then work out how the hackers control the bots via traffic analysis. Our results show that bot traffic can be filtered and redirected, and that we can also help bot clients clean up the infection.