| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 林松輝 | zh_TW |
| DC.creator | Song-Hui Lin | en_US |
| dc.date.accessioned | 2011-7-28T07:39:07Z | |
| dc.date.available | 2011-7-28T07:39:07Z | |
| dc.date.issued | 2011 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=985202065 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 近年來,Fast-Flux Service Network (FFSN) 在網際網路上已經造成重大的威脅,它的成員主要來自大量遭惡意程式感染的電腦。攻擊者利用這類攻擊手法發起一系列的違法行為,舉凡分散式阻斷服務攻擊、發送垃圾郵件、架釣魚網站和散佈惡意程式等。由於 FFSN 本身具有高度的隱蔽性,我們難以將攻擊者繩之以法,也無法輕易摘除整個有害的網路服務。
在本篇論文中,我們發現一種簡單且新穎的特徵─difference,它是用來衡量一個 fast-flux 網域名稱其對應所有主機之負載平衡的變化程度。我們也提出了一套偵測系統 FFRTD,它使用 difference 特徵搭配 DNS 的查詢結果,讓我們可以在兩小時以內將一個全新的網域名稱分類成「正常 (benign)」或「fast-flux」。而由我們的方法中,在做分類的同時,並不需要存取資料庫,只需要利用培訓資料 (training data) 過程中所產生的門檻值 (ff-score threshold)。本研究的實驗結果證明,我們所提出的偵測系統能夠準確地判斷出身陷 FFSNs 的網域名稱,並且我們也開拓一個新的觀察視野,對於了解一個 fast-flux 網域名稱將會很有幫助。
| zh_TW |
| dc.description.abstract | FFSNs have become severe threats on the Internet in recent years. They consist of a large amount of compromised hosts for malicious activities such as launching DDoS, delivering spam mails, hosting phishing sites and distributing malicious programs. As a result of the highest concealment of FFSNs, it is really difficult to find out attackers and foil down the entire illegal networks. In this paper, we discovered a novel and simple feature, difference, which measures the degree of the load balance of all IP addresses in a domain name. And we also present FFRTD that can make a brand-new domain name be classified into benign and fast-flux ones by the difference with DNS lookup results within two hours. With our method, there is no need to access database but use the ff-score threshold we generated in the training phase while classifying domain names. According to experimental results, our proposed detection system, FFRTD, is able to accurately detect FFSNs. Furthermore, we contribute a new vision to observe the behavior of a fast-flux domain name.
| en_US |
| DC.subject | FFSN | en_US |
| DC.subject | RRDNS | en_US |
| DC.subject | CDN | en_US |
| DC.title | FFRTD: Beat Fast-Flux by Response Time Differences | en_US |
| dc.language.iso | en_US | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |