Master's thesis record 100552005: full record




Name: Ya-Ching Chang (張雅晴)    Department: Computer Science and Information Engineering
Thesis title: Detect Web-Based Botnet according to Bot communication traffic
Related theses
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS on Android Phones
★ SRA: A System to Defend Routers Against ARP Spoofing Hijacking
★ An Automated Real-Time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-Time Antiserum System: An Automated Worm Cure System with an Offensive Firewall
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
★ PrivacyGuard: A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
Full text: permanently restricted (not available through the system)
Abstract (Chinese, translated): Botnets keep growing larger. Early botnets took control of their bot clients through the IRC (Internet Relay Chat) protocol and then used them to paralyze networks or to carry out illegal activities for high profit, for example launching distributed denial-of-service (DDoS) attacks, sending spam and advertising mail, and stealing data. Because early botnets generally used IRC as their main communication protocol, the early defense was simply to reject all IRC packets. Botnets evolved in response: since most computer use today consists of web browsing, HTTP on port 80 is traffic that practically every computer must accept, and web-based botnets that communicate over HTTP/port 80 emerged. Infection by such botnets can no longer be prevented by refusing the protocol they use, so the botnets that have appeared recently are predominantly web-based.

This thesis aims to find the IP address of a web-based botnet's command-and-control (C&C) server. The method builds an analysis module on knowledge of how botnets behave. The module compares the communication between bot clients and the C&C server with the communication between a normal web server and its users, by observing differences in the packet information of the two kinds of traffic: the average bytes per packet sent per unit time, the access count, the number of repeated accesses within the same time period, and so on. From the observed figures, a baseline value is set to separate normal network traffic from abnormal botnet communication. To bring the analysis closer to real results, traffic log files were collected from a real environment and fed to the analysis module to find the network address of the web-based botnet's C&C server.
Abstract (English): Botnets have been growing rapidly in size and strength. In the past, botnets used the IRC (Internet Relay Chat) protocol to control their bot clients and used those clients to paralyze the Internet or to earn large profits through illegal operations such as DDoS attacks, spam, and traffic sniffing. Since IRC was the key communication protocol for those botnets, the simplest defense was to deny all IRC packets. Today, however, the main activity of most users is browsing websites, so users cannot deny all web traffic to defend against botnets. Botnets have therefore evolved into web-based botnets, because users will accept all HTTP (port 80) traffic; that is, web-based botnets can no longer be stopped by refusing IRC traffic. This is why web-based botnets have emerged and persist.

The objective of this thesis is to find the C&C server IP address of a web-based botnet. The analysis modules are developed from knowledge of botnets and from comparing the communication pattern between bot clients and their C&C server with the pattern between a web server and its users. The comparison observes differences in communication pattern and packet information such as the average bytes per packet, the access count, and the number of hosts in the accessing group within a unit of time. From these measurements we derive a baseline value that distinguishes normal from abnormal web traffic. To obtain real-world results, we collected real traffic and used our modules to find the C&C server IP addresses of web-based botnets.
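The two-feature comparison both abstracts describe (the Host Repeat and Payload Size checks named in the table of contents), run over constructed NetFlow-style records, as an added example that is not code from the thesis; the record layout, the slot length, every threshold and the sample addresses are assumptions:

```python
"""Flow-feature screening for web-based botnet C&C candidates.

Added illustration, not the thesis's own code.  It implements the two ideas
the abstract describes: a host-repeat check (in how many time slots a client
re-contacts the same server; bots beacon on a schedule, people browse in
bursts) and a payload-size check (bot-to-C&C requests are small and nearly
uniform, normal web traffic varies by orders of magnitude).  The NetFlow-v5
style record layout, the slot length and every threshold are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

WINDOW_SECONDS = 300      # one time slot (assumed)
MIN_REPEAT_RATIO = 0.8    # pair must recur in >= 80% of slots (assumed)
MAX_MEAN_BYTES = 2000     # request-sized flows only (assumed)
MAX_SIZE_CV = 0.25        # stdev/mean of flow sizes (assumed)

# Constructed sample records: (first_seen_epoch, src, dst, dst_port, bytes, packets)
BASE = 1_700_000_000
FLOWS = []
# Infected host 10.0.0.5 beacons to its C&C once per slot with near-identical sizes.
for i in range(12):
    FLOWS.append((BASE + i * 300 + 7, "10.0.0.5", "203.0.113.7", 80, 400 + (i % 3) * 8, 6))
# A second infected host talks to the same C&C on the same schedule.
for i in range(12):
    FLOWS.append((BASE + i * 300 + 130, "10.0.0.6", "203.0.113.7", 80, 404 + (i % 2) * 6, 6))
# A person browsing a legitimate site: bursty, and sizes range from 900 B to 150 kB.
for offset, size in [(5, 1200), (20, 48000), (35, 3500), (41, 900), (900, 150000), (950, 2200)]:
    FLOWS.append((BASE + offset, "10.0.0.8", "198.51.100.20", 80, size, size // 1400 + 1))
# Another client that visited the legitimate site once.
FLOWS.append((BASE + 2000, "10.0.0.9", "198.51.100.20", 80, 61000, 45))


def slot_of(ts, base, window=WINDOW_SECONDS):
    """Index of the time slot a flow's start time falls in."""
    return (ts - base) // window


def extract_features(flows, window=WINDOW_SECONDS):
    """Per (src, dst, port) pair: access count, host-repeat ratio and size statistics."""
    base = min(f[0] for f in flows)
    total_slots = slot_of(max(f[0] for f in flows), base, window) + 1
    sizes = defaultdict(list)
    slots = defaultdict(set)
    for ts, src, dst, port, nbytes, _pkts in flows:
        key = (src, dst, port)
        sizes[key].append(nbytes)
        slots[key].add(slot_of(ts, base, window))
    feats = {}
    for key, nbytes_list in sizes.items():
        m = mean(nbytes_list)
        feats[key] = {
            "access_count": len(nbytes_list),
            "repeat_ratio": len(slots[key]) / total_slots,   # Host Repeat feature
            "mean_bytes": m,                                  # Payload Size feature
            "size_cv": pstdev(nbytes_list) / m if m else 0.0,
        }
    return feats


def find_cc_candidates(flows, window=WINDOW_SECONDS, min_repeat=MIN_REPEAT_RATIO,
                       max_mean_bytes=MAX_MEAN_BYTES, max_cv=MAX_SIZE_CV):
    """Return [((dst, port), {clients}), ...] for servers contacted in a bot-like
    pattern, ranked by how many distinct clients share that pattern."""
    feats = extract_features(flows, window)
    candidates = defaultdict(set)
    for (src, dst, port), f in feats.items():
        if (f["repeat_ratio"] >= min_repeat
                and f["mean_bytes"] <= max_mean_bytes
                and f["size_cv"] <= max_cv):
            candidates[(dst, port)].add(src)
    return sorted(candidates.items(), key=lambda kv: -len(kv[1]))


if __name__ == "__main__":
    for (dst, port), clients in find_cc_candidates(FLOWS):
        print(f"C&C candidate {dst}:{port} shared by {len(clients)} clients: {sorted(clients)}")
```

On the constructed sample only 203.0.113.7:80 survives both checks, and it is contacted by two clients with the same pattern, which is the kind of shared behaviour the abstract's "accessing host group" feature looks for. Two caveats for anyone adapting this: the thresholds are the baseline the thesis sets in its training phase and have to be re-tuned per network, and benign periodic traffic (software update checks, webmail or feed pollers) matches the host-repeat pattern just as well, so the size check and the multi-client ranking narrow the candidate list but do not make it a verdict. NetFlow records carry no payload, so "payload size" here is bytes per flow, not bytes of HTTP body.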
Keywords (Chinese, translated): ★ botnet
★ botnet detection
Keywords (English): ★ botnet
★ web-based botnet
★ botnet detection
Table of contents
Chinese abstract  i
English abstract  iii
Acknowledgements  v
Contents  vii
List of figures  ix
List of tables  xi
1 Introduction  1
1-1 Background and objective  2
1-2 Method overview  3
1-3 Thesis structure  3
2 Background  5
2-1 Introduction to botnets  5
2-1-1 Botnet  5
2-1-2 Botnet composition and types  6
2-1-3 HTTP-Based Botnet  8
2-1-4 Impact of botnets  8
2-2 NetFlow  8
2-2-1 NetFlow v5  10
3 Related work  11
3-1 Honeypot  11
3-2 Traffic pattern  11
4 Analysis model design and implementation  13
4-1 Host Repeat Module  15
4-2 Payload Size Module  18
5 Experimental results  23
5-1 Training Phase  23
5-2 Experimental data and results  24
6 Conclusion and future work  25
References  27
Advisor: Fu-Hau Hsu (許富皓)    Review date: 2014-01-27

For questions about this thesis, contact the National Central University Library, Promotion Services Section, TEL: (03)422-7151 ext. 57407, or by e-mail.