CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：19

、訪客IP：3.133.79.70

姓名

李家豪(CHIA-HAO LEE) 查詢紙本館藏

畢業系所

資訊工程學系

論文名稱

(CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ PrivacyGuard：A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 ( 永不開放)

摘要(中)

現今手機或電腦上使用各式各樣的應用程式，而惡意程式嵌入在這其中的機率也愈來愈高．因而在未來的應用上，若沒有好好防範，殭屍網路(botnet)就會滲入其中，進而操控使用者的手機或電腦及奪取控制權。手機帶給了我們便利，然而使用上的安全性亦愈來愈受到重視。現實世界中，因為應用上情境的不同，以往在個人電腦上所使用的安全機制，雖然有些或許可以直接應用，但大部分的機制很有可能因為使用目的以及架構設計上的不同，使得過去以主機型電腦為討論對象的安全機制，在智慧型手機上似乎已經無用武之地。
智慧型手機（廣義來說，行動智慧型裝置）在現代社會扮演著重要的角色。隨著資訊時代網路上的各種應用，智慧型手機帶來了便利，但也引發相關的安全議題。本文提出一個利用來電顯示號碼（Caller ID），來做為殭屍網路在智慧型手機上的隱蔽通道，達成控制的一個可能方式：CIDP Treatment。為了加強傳遞上的效率，我們對於此新穎的隱蔽通道設計了一種處理這些號碼數字的無損編碼壓縮法 — 完全8度編碼（Perfect Octave Coding; P8 Coding）來最佳化此隱蔽通道的通訊傳輸效率。

摘要(英)

Nowadays we use a variety of applications on mobile phones or personal computers, and the probability of malware embedding is growing high. If there is not any robust prevention in the future, botnet will penetrate, and then manipulate the user’s mobile phones or computers and seize the authority of control. Mobile phones brought us much convenience, but also the safety of the use on it has been received more attention. In real world, because of the difference of application scenarios, the security mechanism on a personal computer in the past, although some may be directly applied, most likely seems to be no avail in smart phones, for the purpose of use as well as on different architecture.
Smart phones (broadly speaking, mobile smart devices) in modern society play an important role. With the applications on the network, smart phones bring the convenience, but also led to many related security issues. This paper presents a possible way, CIDP Treatment, to achieve the control of a mobile botnet by using caller ID numbers as an innovative covert channel. We design an innovative lossless data compression treatment -- Perfect Octave Coding (P8 Coding) for this new covert channel to enhance the efficiency of the data transmission.

關鍵字(中)

★ 資訊安全
★ 隱蔽通道
★ 智慧型手機
★ 編碼壓縮
★ 殭屍網路

關鍵字(英)

★ caller ID spoofing
★ covert channel
★ smart phone
★ data compression
★ mobile botnet

論文目次

摘要 i
Abstract ii
誌謝 iii
目錄 iv
圖目錄 vii
第一章緒論 1
1-1 研究背景 1
1-2 研究動機 2
1-3 研究目的 3
1-4 方法概述 4
1-5 章節架構 5
第二章背景介紹 7
2-1 手機的發展 7
2-2 Botnet介紹 8
2-3 手機與botnet的交會 9
2-4 Botnet與來電顯示號碼的交會 10
2-4-1智慧型手機的本質與安全 10
2-4-2 Botnet Story 12
2-4-3 Mobile Botnet Story 13
2-4-4 利用來電顯示號碼 14
第三章背景技術介紹 19
3-1 Caller ID Spoofing 19
3-2 Run-length Encoding 20
3-3 Windows Mobile與Win32 API 20
3-3-1 RegistrySetString() 20
3-3-2 RegistryNotifyCallback() 21
3-3-3 GetTickCount () 21
3-3-4 ShellExecuteEx () 21
3-3-5 CeMountDBVolEx () 21
3-3-6 CeDeleteRecord () 21
第四章 CIDP Treatment的系統架構 22
4-1 CIDP Treatment系統基本架構 22
4-2 架構元素 22
4-2-1 Caller Mechanism 22
4-2-2 Botmaster/Botherder 23
4-2-3 Victim 23
4-2-4 Client Bot 23
4-2-5 Something 23
4-3 隱匿通訊 24
4-4 本方法的優點-Three 0s(3 0s) 24
4-5 傳送指令 25
4-5-1 可下達指令的數量 26
4-5-2 電話號碼的來源 27
4-6 傳送二進位執行檔 28
第五章編碼壓縮 29
5-1 Perfect Octave Coding(P8 Coding) 29
第六章實驗方式與結果評估 37
6-1 實驗方式 37
6-2 實驗結果評估 38
6-2-1 時間 38
6-2-2 壓縮效能 38
6-2-3 費用和風險 39
6-2-4 防毒軟體偵測 40
第七章相關研究 41
7-1 Botnet偵測 41
7-1-1 Honeypot (Honeynet) 41
7-1-2被動式的網路流量監測及分析 41
7-2 Botnet的模式及隱蔽通道 42
7-3 在行動型裝置上的Botnet 42
7-4 Covert Channel 43
第八章結論與未來方向 45
8-1 結論 45
8-2 未來方向 46
參考文獻 48
附錄一修改來電顯示號碼相關的新聞 50
附錄二 Asterisk, Caller ID相關網頁資訊 52

參考文獻

[1] Yuanyuan Zeng, Kang G. Shin and Xin Hu. Design of SMS Commanded-and-Controlled and P2P-Structured Mobile Botnets. The University of Michigan. 2010. Technical Report .
[2] Schipka, Maksym. Dollars for downloading. Network Security. January 2009, Vol. 2009, 1, pp. 7-11.
[3] Consequences of Botnets Spreading to Mobile Devices. Anne Ruste Flø, Audun Jøsang. Oslo : s.n., 2009. the 14th Nordic Conference on Secure IT Systems (NordSec 2009).
[4] Mustaque Ahamad, Dave Amster. Emerging Cyber Threats Report for 2009. Georgia Tech Information Security Center (GTISC). 2008.
[5] Mulliner, Collin. Smartphone Botnets. 2010.
[6] Symbian worm Yxes: Towards mobile botnets ? Apvrille, Axelle. 2010. EICAR 2010.
[7] Evaluating Bluetooth as a Medium for Botnet Command and Control. Kapil Singh, Samrit Sangal, Nehil Jain, Patrick Traynor and Wenke Lee. Springer-Verlag Berlin, Heidelberg : s.n., 2010. DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment. 3-642-14214-1 978-3-642-14214-7.
[8] Injecting SMS Messages into Smart Phones for Security Analysis. Collin Mulliner, Charlie Miller. 2009. WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies .
[9] Rise of the iBots: 0wning a telco network. Seifert, Collin Mulliner and Jean-Pierre. Nancy, France : s.n., 2010. In the Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software (Malware).
[10] Perez, Sarah. More DroidDream Details Emerge: It was Building a Mobile Botnet. www.readwriteweb.com. [Online] March 7, 2011. http://www.readwriteweb.com/archives/droiddream_malware_was_going_to_install_more_apps_on_your_phone.php.
[11] Wenke Lee, Cliff Wang, David Dagon, [ed.]. Botnet Detection-Countering the Largest Security Threat. s.l. : Springer, 2008.
[12] A Survey of Botnet and Botnet Detection. Maryam Feily, Alireza Shahrestani, Sureswaran Ramadass. 2009. 2009 Third International Conference on Emerging Security Information, Systems and Technologies.
[13] A Framework for P2P Botnets. Su Chang, Linfeng Zhang, Yong Guan, Thomas E. Daniels. 2009. 2009 International Conference on Communications and Mobile Computing.
[14] A Taxonomy of Botnets. David Dagon, Guofei Gu, Cliff Zou, Julian Grizzard, Sanjeev Dwivedi, Wenke Lee, Richard Lipton. 2005. Proceedings of CAIDA DNS-OARC Workshop.
[15] Sebastian Zander, Grenville Armitage, Philip Branch. Covert Channels and Countermeasures in Computer Network Protocols. [ed.] Nelson L. S. da Fonseca. IEEE Communications Surveys & Tutorials. 10 December 2007, December 2007, Vol. 45, 12, pp. 136 - 142 .

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2011-7-22

推文