Abstract (English) |
Along with the flourishing development of the Internet, network crimes and malicious attacks based on botnets have become a major issue in network security. A botnet can be a backdoor, a Trojan horse, or a worm, or a new form of malicious code that combines all three; this makes it hard to detect. Existing detection methods each have their own advantages and disadvantages.
In order to detect botnets effectively, we build an emulated network environment to observe real botnet activities, and divide the botnet life cycle into four stages to simulate and observe its behaviour at each stage. At the same time, we use the correlation of network behaviour to detect botnet activities and their characteristics in a LAN. Eventually, we found that even though the binary code of a bot is easily changed, the characteristics of its network behaviour are not; in other words, a change in bot code does not always come with a change in those characteristics. In this research, we analyze the characteristics of botnets using the correlation of network behaviour, and apply the detection scheme we designed to detect botnet activities in a LAN.
|
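The abstract's central claim is that bots in one LAN share a network-behaviour pattern (the same controller, a similar connection rhythm) even when their binaries differ, so correlating behaviour across hosts is a more stable signal than matching code. The script below is an added illustration of that idea, not the thesis's own detection scheme: it groups flows by external endpoint, tests each internal host's inter-arrival times for regularity, and raises an alert only when several hosts beacon to the same endpoint. The flow records, the 10.0.0.0/8 "internal" prefix, the RFC 5737 documentation addresses and the thresholds (`min_flows`, `max_cv`, `min_hosts`) are all constructed assumptions for the example.

```python
"""Added example (not the thesis's own scheme): correlate network behaviour
across LAN hosts to flag a likely botnet command-and-control endpoint.

One host connecting to an external server at regular intervals is weak
evidence; several internal hosts beaconing to the same endpoint on a similar
schedule is much stronger, because bots in one LAN share a controller and a
rendezvous pattern even when their binaries differ.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_seconds, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    # Three internal hosts beaconing every 60 s to the same external endpoint.
    *[(t, "10.0.0.11", "203.0.113.5", 6667) for t in range(0, 600, 60)],
    *[(t + 7, "10.0.0.12", "203.0.113.5", 6667) for t in range(0, 600, 60)],
    *[(t + 13, "10.0.0.13", "203.0.113.5", 6667) for t in range(0, 600, 60)],
    # Ordinary browsing: irregular intervals, one host per destination.
    (5, "10.0.0.11", "198.51.100.20", 443), (31, "10.0.0.11", "198.51.100.20", 443),
    (140, "10.0.0.11", "198.51.100.20", 443), (410, "10.0.0.11", "198.51.100.20", 443),
    (12, "10.0.0.14", "198.51.100.77", 443), (13, "10.0.0.14", "198.51.100.77", 443),
    (15, "10.0.0.14", "198.51.100.77", 443), (300, "10.0.0.14", "198.51.100.77", 443),
    # Two hosts sharing a destination with no rhythm (e.g. an update server).
    (20, "10.0.0.12", "198.51.100.9", 80), (21, "10.0.0.12", "198.51.100.9", 80),
    (500, "10.0.0.13", "198.51.100.9", 80), (501, "10.0.0.13", "198.51.100.9", 80),
]


def is_internal(ip):
    """Assumed LAN prefix for the example; use your own site's ranges."""
    return ip.startswith("10.")


def periodicity(timestamps, min_flows=4, max_cv=0.2):
    """True when inter-arrival times are regular enough to look like beaconing.

    Regularity is measured by the coefficient of variation (stdev / mean) of
    the gaps between consecutive connections; thresholds are assumptions.
    """
    ts = sorted(timestamps)
    if len(ts) < min_flows:
        return False
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return False
    return pstdev(gaps) / avg <= max_cv


def correlate_beacons(flows, min_hosts=3):
    """Return {(dst_ip, dst_port): [internal hosts]} for endpoints that at
    least min_hosts internal hosts each contact periodically.

    The min_hosts requirement is the cross-host correlation step: a single
    periodic client is not enough to raise an alert.
    """
    per_endpoint = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, dport in flows:
        if is_internal(src) and not is_internal(dst):
            per_endpoint[(dst, dport)][src].append(ts)
    alerts = {}
    for endpoint, hosts in per_endpoint.items():
        beaconing = sorted(h for h, ts in hosts.items() if periodicity(ts))
        if len(beaconing) >= min_hosts:
            alerts[endpoint] = beaconing
    return alerts


if __name__ == "__main__":
    for (dst, port), hosts in correlate_beacons(SAMPLE_FLOWS).items():
        print(f"possible C&C {dst}:{port} contacted periodically by {', '.join(hosts)}")
```

On the constructed flows only the endpoint shared by three regularly-connecting hosts is reported; the browsing flows fail the regularity test and the shared update server fails the minimum-flow count. Legitimate software (NTP, update agents, monitoring clients) also beacons, so in practice the `min_hosts` threshold and an allow-list of known endpoints are what keep this a useful triage signal rather than a noisy one.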