| Graduate student: | 蘇誌航 Su, Chih-Hang |
|---|---|
| Thesis title: | 透過跨網域NetFlow分析增強P2P殭屍網路偵測 Enhancing P2P Botnet Detection through Cross-Domain NetFlow Analysis |
| Advisor: | 謝錫堃 Shieh, Ce-Kuen |
| Co-advisor: | 張志標 Chang, Jyh-Biau |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2019 |
| Graduation academic year: | 107 |
| Language: | English |
| Number of pages: | 23 |
| Keywords: | P2P Botnet, Single-Domain, Cross-Domain, NetFlow |
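P2P botnets cause many problems on the Internet, such as distributed denial-of-service (DDoS) attacks, spam, and theft of personal data. If we can find a way to detect botnets efficiently, we can take them down sooner and make the Internet safer to use.
In our laboratory's previous research, a similarity-based P2P botnet detection algorithm exploited the highly similar behavior of P2P botnets to infer botnet activity from real network flows. That algorithm can find botnets within a single domain. In a cross-domain environment, however, there may be botnets that can only be discovered with a cross-domain view.
In this thesis, we propose a method that uses a cross-domain view to enhance the original P2P botnet detection algorithm and find botnets hiding across multiple domains.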
Peer-to-peer (P2P) botnets [1] have caused many problems on the Internet, such as distributed denial-of-service (DDoS) attacks, mail spam, and identity theft. If we can find a way to detect these botnets efficiently, we will be able to shut them down more quickly and make the Internet safer to use.
In our previous research, the Similarity-based P2P Botnet Detection Algorithm exploits the highly similar behaviors of P2P botnets and infers botnets from real-traffic NetFlow. This algorithm finds botnets within a single domain, but a botnet may appear in more than one domain. In the cross-domain case, there should be some botnets that are only detectable with a cross-domain view.
In this paper, we propose a method to enhance our previous P2P botnet detection that uses the wider cross-domain view to find botnets hiding in multiple domains.
[1] Bots and botnets – the most dangerous threat on the internet - bullguard. https://www.bullguard.com/zh-tw/bullguard-security-center/internet-security/internet-threats/bots-and-botnets.
[2] Dns clients and timeouts. blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx.
[3] Euclidean distance. https://en.wikipedia.org/wiki/Euclidean_distance.
[4] Tcpinitialrtt. https://technet.microsoft.com/en-us/library/cc938207.aspx.
[5] Tcpmaxconnectretransmissions. https://technet.microsoft.com/en-us/library/cc938209.aspx.
[6] Virustotal. https://www.virustotal.com.
[7] Pin-Hao Chen. Study on deep neural network approach to p2p botnet detection. Institute of Computer and Communication Engineering Master’s Thesis, National Cheng Kung University, Tainan, Taiwan, 2018.
[8] Jeffrey Dean and Sanjay Ghemawat. Mapreduce: Simplified data processing on large clusters. Commun. ACM, 51(1):107–113, January 2008.
[9] Sheng-Min Hsu. A similarity-based p2p botnet detection algorithm for inter-domain netflow analysis. Institute of Computer and Communication Engineering Master’s Thesis, National Cheng Kung University, Tainan, Taiwan, 2016.
[10] Mu-Lin Huang. A streaming p2p botnet quick detection system based on group features of botcluster. Institute of Computer and Communication Engineering Master’s Thesis, National Cheng Kung University, Tainan, Taiwan, 2018.
[11] Chun Yu Wang, Chi Lung Ou, Yu En Zhang, Feng Min Cho, Pin Hao Chen, Jyh Biau Chang, and Ce-Kuen Shieh. Botcluster: A session-based p2p botnet clustering system on netflow. Computer Networks, 145:175–189, November 2018.
On-campus access: public from 2024-07-01