簡易檢索 / 詳目顯示
| 研究生: |
呂宗達 Lu, Zong-Ta |
|---|---|
| 論文名稱: |
一個多類型殭屍網路之深度學習分類器 A Multi-type Botnet Classifier Using Deep Learning |
| 指導教授: |
謝錫堃
Shieh, Ce-Kuen |
| 共同指導教授: |
張志標
Chang, Jyh-Biau |
| 學位類別: |
碩士 Master |
| 系所名稱: |
電機資訊學院 - 電腦與通信工程研究所 Institute of Computer & Communication Engineering |
| 論文出版年: | 2019 |
| 畢業學年度: | 107 |
| 語文別: | 英文 |
| 論文頁數: | 39 |
| 中文關鍵詞: | 殭屍網路 、惡意軟體 、深度類神經網路 、網路流 、會話特徵 |
| 外文關鍵詞: | Botnet, Deep neural network, NetFlow, Session features |
| 相關次數: | 點閱:106 下載:1 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
本研究以深度學習方式開發一個多類型殭屍網路分類器,目標為針對BotCluster分析結果之大量惡意網路會話,更深入地區分不同種類殭屍網路行為。建構多隱藏層的人工神經網路,於真實流量中學習會話與各類別殭屍網路之關聯性,並且在偵測到惡意會話後準確地預測其可能之殭屍網路型態。本研究針對廣泛感染的殭屍網路種類,並參考賽門鐵克年度網路威脅報告書,選擇近期主要出現的殭屍網路種類。實驗評估表明,對於15個流行的殭屍網路類別,研發出之分類器能達到最高平均81.78%準確度,以及最低1.29%誤報率。透過此分類器能深度地分辨15個盛行的殭屍網路之網路會話,有助於個人用戶以及網路管理者找到合適地解決方法並在未來進一步終止它們。
This thesis developed a deep learning multi-type botnet classifier, which aims to further distinguish the big amount of malicious network sessions from BotCluster results between different categories of botnet. Constructing the multi-layer artificial neural network to learn the relationship between sessions and botnet types from real traffic, we can accurately predict the corresponding botnet type when encountering a malicious session. We focus on the well-known botnet types which are most widespread, and also take the Symantec yearly threat report as a reference to choose the majority botnet types recently. The experimental evaluation shows that the classifier can give the highest average TPR rate of 81.78% with the lowest false positive rate of 1.29% for respectively fifteen popular botnet categories. Through our classifier to identify the sessions of fifteen notorious botnets in-depth which benefit the personal users and network managers to find the right antidotes against them and take them down in the future.
[1] A P2P Botnet detection scheme based on decision tree and adaptive multilayer neural networks, 2016
[2] C.-Y. Wang, C.-L. Ou, Y.-E. Zhang, F.-M. Cho, J.-B. Chang, and C.-K. Shieh, "BotCluster: A Session-based P2P Botnet Clustering System on NetFlow," Computer Networks, 2018
[3] A tutorial survey of architectures, algorithms, and applications for deep learning, 2014.
[4] NetFlow, https://en.wikipedia.org/wiki/NetFlow
[5] Windows 7 and Windows 2008, https://en.wikipedia.org/wiki/Windows_7
[6] Google, https://zh.wikipedia.org/zh-tw/Google
[7] Facebook, https://en.wikipedia.org/wiki/Facebook
[8] DBSCAN, https://en.wikipedia.org/wiki/DBSCAN
[9] Shao-Chien Chen, Yi-Ruei Chen, Wen-Guey Tzeng, “Effective Botnet Detection Through Neural Networks on Convolutional Features.”, 17th IEEE TrustCom/12th IEEE BigDataSE, pp.372-378, 2018
[10] CNN, https://en.wikipedia.org/wiki/Convolutional_neural_network
[11] B. Rahbarinia, R. Perdisci, A. Lanzi, K. Li, “PeerRush: Mining for unwanted p2p traffic”, Journal of Information Security and Applications, Vol. 19, no3, pp.194-208, 2014
[12] Garca, S., Grill, M., Stiborek, J., Zunino, A., “An empirical comparison of botnet detection methods.” Comput. Secur. Vol. 45, pp.100-123, 2014
[13] FV. Alejandre, NC.Cortes, EA. Anaya, ”Feature selection to detect botnets using machine learning algorithms”, CONIELECOMP, pp.1-7, 2017
[14] Genetic algorithm, https://en.wikipedia.org/wiki/Genetic_algorithm
[15] C4.5, https://en.wikipedia.org/wiki/C4.5_algorithm
[16] ISOT, https://www.uvic.ca/engineering/ece/isot/datasets/
[17] ISCX, Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A., “Toward developing a systematic approach to generate benchmark datasets for intrusion detection”, Comput. Secur. vol. 31, pp. 357-374, 2012
[18] PAA Resende, AC Drummond, ”HTTP and contact-based features for Botnet detection”, Security and Privacy, 2018
[19] Apache Spark, https://en.wikipedia.org/wiki/Apache_Spark
[20] Jos van Roosmalen, Harald Vranken, Marko van Eekelen, “Applying deep learning on packet flows for botnet detection”, Proceedings of the 33rd Annual ACM Symposiunm on Applied Computing, SAC, 2018, pp.1629-1636
[21] P. Vincent, H. Larochelle, I. Lajoie, Y. Bengio, and P.-A. Manzagol, “Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion.” In Proceedings of the 27th International Conference on Machine Learning, pp. 3371–3408. ACM, 2010
[22] Apache Hadoop, http://hadoop.apache.org/
[23] Lawrence Berkeley National Lab dataset, https://powerdata.lbl.gov/
[24] Storm, https://en.wikipedia.org/wiki/Storm_botnet
[25] Waledac, https://en.wikipedia.org/wiki/Waledac_botnet
[26] Zero Access, https://en.wikipedia.org/wiki/ZeroAccess_botnet
[27] Zeus, https://en.wikipedia.org/wiki/Zeus_(malware)
[28] Zhihong Zhou, Lihong Yao, Jianhua Li, Bin Hu, Chen Wang, Zhenglong Wang, “Classification of botnet families based on features self-learning under Network Traffic Censorship”, 3rd International Conference on Security of Smart Cities, Industrial Control System and Communications, SSIC, 2018, pp.1-7
[29] Azqa Nadeem, Christian Hammerschmidt, Carlos H. Ganan, Sicco Verwer, “MalPaCA: Malware Packet Sequence Clustering and Analysis”, arXiv:1904.01371v1, 2019
[30] Bushra A. AlAhmadi, Ivan Martinovic, “MalClassifier: Malware Family Classification Using Network Flow Sequence Behaviour”, APWG Symposium on Electronic Crime Research, 2018, pp.1-13
[31] n-gram, https://en.wikipedia.org/wiki/N-gram
[32] KNN, https://en.wikipedia.org/wiki/K-nearest_neighbors_algorithm
[33] Random Forest, https://en.wikipedia.org/wiki/Random_forest
[34] PCA, https://en.wikipedia.org/wiki/Principal_component_analysis
[35] Stratosphere IPS Project, https://www.stratosphereips.org/
[36] Farhan Tariq, Shamim Baig, “Multiclass Machine learning based botnet detection in software defined networks”, International Journal of Computer Science and Network Security (IJCSNS), Vol.19, no.3, 2019
[37] SDN, https://en.wikipedia.org/wiki/Software-defined_networking
[38] Temesguen Messay Kebede, Ouboti Djaneye-Boundjou, Barath Narayanan Narayanan, Anca Ralescu, “Classification of Malware Programs using Autoencoders based Deep Learning Architecture and its Application to the Microsoft Malware Classification Challenge (BIG 2015) Dataset”, IEEE National Aerospace and Electronics Conference (NAECON), 2018, pp.70-75
[39] National Center for High-performance Computing (NCHC), https://www.nchc.org.tw/en
[40] TWCC, https://www.nchc.org.tw/posts/ldNhT5vHrL
[41] TensorFlow, https://www.tensorflow.org/
[42] ANN, https://en.wikipedia.org/wiki/Artificial_neural_network
[43] DOWN,https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/pe_down.a
[44] Peacomm,https://www.symantec.com/security-center/writeup/2007-011917-1403-99
[45] Skype, https://en.wikipedia.org/wiki/Skype
[46] eMule, https://www.emule-project.net/home/perl/general.cgi?l=42
[47] μTorrent, https://www.utorrent.com/intl/zh_tw/downloads/win
[48] Frostwire, https://www.frostwire.com/
[49] Vuze, https://www.vuze.com/
[50] Sality, https://en.wikipedia.org/wiki/Sality
[51] Agobot, https://en.wikipedia.org/wiki/Agobot
[52] Ramnit, https://en.wikipedia.org/wiki/Ramnit
[53] Jadtre, https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:Win32/Jadtre.A
[54] Android bot, https://en.wikipedia.org/wiki/Mobile_malware
[55] Rbot, https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Win32%2FRbot
[56]Wapomi,https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/wapomi
[57] Kelihos, https://en.wikipedia.org/wiki/Kelihos_botnet
[58]Parite,https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/PE_PARITE.A-O
[59]Coinminer,https://www.symantec.com/security-center/writeup/2018-031215-5453-99
[60] Virut, https://en.wikipedia.org/wiki/Virut
[61]Pinfi, https://www.symantec.com/security-center/writeup/2003-011708-2030-99
[62] Symantec Internet Threat Report, Vol. 23, 2018
校內:2020-08-01公開校外:2020-08-01公開