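Botnets are among the most serious information security threats today, because a botnet combines the characteristics of several kinds of malware into one attack technique: the attacker remains highly concealed and can control the entire botnet in a one-to-many fashion to carry out malicious activity. As a result, more and more attackers are turning to botnets, and bot malware is continually being improved and strengthened. Based on how bot malware gets onto a victim's computer, intrusion methods can be divided into two types, active and passive. Active intrusion means the attacker exploits a vulnerability to break into the victim's computer and gains the privileges to install malware; here the attacker initiates the attack and the victim is unaware of it. Passive intrusion means the victim, lured by the attacker, clicks and installs the malware and thereby becomes a botnet victim. This mostly results from the victim's poor usage habits, and because such habits are hard to change in a short time, the victim often becomes a botnet victim again shortly after the malware has been cleaned. This shows that botnets spread by passive luring are hard to guard against. We therefore propose a defense mechanism against active intrusion attacks, using a Dynamic Extensible Two-way Honeypot mechanism that provides a connection to a special fake C&C server as a means of disinfection, in order to prevent the spread of actively propagating botnets.

A botnet is one of the most serious security threats. Because a botnet combines a variety of malware attack techniques, attackers can not only hide themselves but also control multiple bots to carry out many malicious behaviors. As a result, more and more attackers are turning to botnets, and they continuously improve and enhance botnet malware. Depending on how botnet malware invades, we can divide invasion methods into two types: active and passive. In the latter, victims install and execute the botnet malware themselves because of bad network usage habits. Even after the malware has been removed from their computers, they are likely to become bots again within a short time. This explains why passive decoy botnets are difficult to prevent. We focus on a defense mechanism against active intrusion, and we use a dynamic extensible honeypot system to provide a special connection to the server and remove malware to prevent the active spread of botnets.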