| Graduate student: | 葉奇鑫 Chi-Hsin Yeh |
|---|---|
| Thesis title: | 主動式傳播殭屍網路防禦機制 A Defense Mechanism for the Active Spread of Botnet |
| Advisor: | 曾黎明 Li-Ming Tseng |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Department of Computer Science & Information Engineering |
| Year of publication: | 2013 |
| Graduation academic year: | 101 |
| Language: | Chinese |
| Number of pages: | 50 |
| Chinese keywords: | Botnet, Active intrusion, Honeypot, Disinfection, Botnet propagation |
| English keywords: | Bot, Botnet, Active intrusion, Honeypot, Active spread of botnet |
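Botnets are currently one of the most serious information security threats, because a botnet is an attack technique that combines the characteristics of many kinds of malware: the attacker is highly concealed and can control the entire botnet one-to-many to carry out malicious behavior. As a result, more and more attackers are turning their attention to botnets, which in turn drives the continual improvement and strengthening of bot malware.
Depending on how bot malware intrudes into a victim's computer, intrusion methods can be divided into two types, active and passive. Active means that the attacker exploits a vulnerability to break into the victim's computer and obtains the privileges needed to install malware; in this case the attacker initiates the attack and the victim's computer is unaware of it. Passive means that the victim, lured by the attacker, clicks on and installs the malware and so becomes a botnet victim. This mostly results from the victim's bad habits, and because usage habits are hard to change in a short time, such users often become botnet victims again shortly after disinfection, which shows that botnets spread by passive luring are difficult to prevent. Therefore, we propose a defense mechanism against active intrusion attacks that uses the Dynamic Extensible Two-way Honeypot mechanism to provide a connection to a special fake C&C server as a disinfection method, in order to prevent the spread of active botnets.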
Botnets are one of the most serious security threats. Because a botnet combines a variety of malware attack techniques, attackers can not only hide themselves but also control multiple bots to carry out many malicious behaviors. As a result, more and more attackers are turning to botnets, and they continuously improve and enhance botnet malware.
Depending on how botnet malware intrudes, we can divide intrusion methods into two types: active and passive. In the latter, victims install and execute the botnet malware themselves because of bad network usage habits. Even after the malware has been removed from their computers, they are likely to become bots again within a short time. This explains why botnets spread by passive luring are difficult to prevent. We focus on a defense mechanism against active intrusion, and we use a dynamic extensible honeypot system to provide a special connection to the server and remove malware to prevent the active spread of botnets.