Name |
Sheng-shi Huang (黃勝獅) |
Department |
Department of Computer Science and Information Engineering |
Thesis title |
Botnet Traffic Analysis and Detection by Using OpenFlow Switch (使用OpenFlow Switch分析偵測殭屍網路)
|
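Files |
- This electronic thesis is authorized for immediate open access.
- Electronic full text that has reached its open-access date is licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research.
- Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast the work without authorization, so as to avoid breaking the law.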
|
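Abstract (Chinese) |
A botnet, also called a puppet network, is built by a virus that enters computers through e-mail, URLs, messaging software, USB drives and computer vulnerabilities and disguises itself as an ordinary program. Users' computers are usually infected without their knowledge. Once infected, a computer actively connects to the control server set up by the hacker, and after the connection is established the hacker can control the computer remotely and carry out malicious activity.
Early botnets communicated mainly over the IRC protocol, but because it had become so widespread, most companies block that protocol directly at the firewall. To get through the firewall, many botnets switched to the HTTP and P2P protocols. This thesis focuses on HTTP botnet viruses. Using a platform that combines the NetFPGA developed at Stanford University with an OpenFlow switch, and drawing on its fast redirection capability and the advantages of virtual networks, it analyzes the actual behavior of an infected computer and identifies how HTTP-based botnets are controlled. With the help of the OpenFlow switch, infected users are notified to disinfect their machines and their communication with the hacker is cut off.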
|
Abstract (English) |
A botnet is also known as a zombie network. The virus spreads through e-mail, websites, communication software, USB devices and computer vulnerabilities, breaks into computers and disguises itself as an ordinary program, so computer users are often infected unknowingly. Once a computer is infected and becomes a botnet member, the victim computer actively sets up a connection with the hacker's command-and-control server. When the connection has been set up, the hacker can control the computer remotely and engage in malicious behavior.
In the early days botnets communicated through the IRC protocol, but because it became too popular, most companies block the protocol directly at the firewall. In order to pass through the firewall, many botnets then moved to the HTTP and P2P protocols to communicate.
This thesis focuses on HTTP botnet viruses. It uses a platform that combines the NetFPGA developed at Stanford University with an OpenFlow switch. Because the OpenFlow switch offers quick redirection and the advantages of a virtual network, the platform can be used to analyze the actual behavior of an infected computer and to find out the control methods of HTTP-based botnets. With the assistance of the OpenFlow switch, the affected user is notified and the link between the infected computer and the hacker is blocked.
|
Keywords (Chinese) |
★ OpenFlow Switch ★ Botnet ★ Network security |
Keywords (English) |
★ OpenFlow Switch ★ Network security ★ Botnet |
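Table of contents |
List of Figures
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Thesis Organization
Chapter 2 Related Work
2.1 BlackEnergy DDoS Bot Analysis
2.2 Analysis of the Zeus Botnet Crimeware
2.3 NOX - An OpenFlow Controller
2.4 OpenFlow Switch
2.5 Detecting and Dismantling Botnets through Packet Analysis
2.6 Botnet Victim Detection and Notification Mechanism Using an OpenFlow Switch
Chapter 3 System Design and Architecture
3.1 Goals
3.1 Problem Analysis and Countermeasures
3.1.1 Analysis of Botnet Characteristics
3.1.2 HTTP Botnet Problems and Countermeasures
3.2 System Architecture
3.3 System Workflow
3.3 How to Detect Botnets
3.4 Whether This System Applies to Other Types of Botnets
Chapter 4 Experiments
4.1 Experimental Environment
4.2 System Setup and Operation
4.2.1 NOX Controller
4.2.2 OpenFlow Switch
4.2.3 Substitute Server
4.3 Zeus Bot Used for Testing
4.4 Experiment 1: Intercepting the Zeus Virus
4.5 Experiment 2: Intercepting the Zeus Virus behind NAT
4.5 How Zeus Controls Bots
4.6 Notifying Infected Users
4.7 Performance Testing
4.8 Discussion of Experimental Results
Chapter 5 Conclusions and Future Directions
References
Appendix: Improvements Suggested at the Thesis Proposal Oral Examination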
|
Advisor |
Li-Ming Tseng (曾黎明)
|
Review date |
2011-8-30 |