透過封包分析偵測並瓦解僵屍網路; Botnet Detection and Collapse based on Traffic Analysis

NCUIR > College of Electrical Engineering & Computer Science > Graduate Institute of Computer Science and Information Engineering > Electronic Thesis & Dissertation > Item 987654321/9638

Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9638

Title:	透過封包分析偵測並瓦解僵屍網路;Botnet Detection and Collapse based on Traffic Analysis
Authors:	陳天豪;Tian-Hao Chen
Contributors:	資訊工程研究所
Keywords:	網際網路中繼聊天;僵屍;僵屍網路;域名轉向;網路安全;IRC;bot;botnet;DNS hijacking;network security
Date:	2009-01-16
Issue Date:	2009-09-22 11:52:23 (UTC+8)
Publisher:	國立中央大學圖書館
Abstract:	現今的電腦網路安全正面臨到木馬、蠕蟲、分散式阻斷服務攻擊與廣告釣魚信件的威脅，而在背後支撐起這些恐怖力量的正是Botnet，也就是所謂的僵屍網路。僵屍網路是由傳統的惡意程式進化來的新型態攻擊方式，特色在於提供了攻擊者隱密、有彈性且能夠一對多的操控僵屍進行任務。僵屍網路主要是透過IRC 通訊協定來做溝通，本文便以IRC的Botnet病毒為研究重心，透過域名轉向技術將中了僵屍網路病毒的電腦匯集在一起，阻斷與駭客之間的聯繫，再配合封包解析把控制僵屍的方法找出，以協助這些被駭客操控的電腦解毒。實驗結果證實我們的方法可行，不但成功將的把中了僵屍病毒的電腦匯集起來，還找到了協助他們解毒的辦法。 A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Botnets are evolved from malicious program, its features are providing the attacker secret, flexibility and very powerful capability. IRC is the most common botnet commend and control mechanism because it is scalable and easy to hide within. So in this paper, we focus on the IRC-based virus, using DNS hijacking technology to converge computers infected with botnet virus, this way is to monopolize the connection between hackers. Then figure out hackers how to control bots via traffic analysis. Our results show that bots traffic can be filtering and redirection, and we also can give bot client assistance in clean virus up.
Appears in Collections:	[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

Files in This Item:

File	Size	Format

社群 sharing

Loading...