Graduate student: Lin, Chang-Cheng (林昶丞)
Thesis title: Design and Implementation of a Peer-to-Peer Botnet: An Attacker's Perspective
Advisor: Lin, Hui-Tang (林輝堂)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2009
Academic year of graduation: 97
Language: Chinese
Number of pages: 50
Keywords (Chinese): testbed, peer-to-peer communication, network security, botnet
Keywords (English): botnet, network security, testbed, peer-to-peer
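  • In recent years, botnets have become the root cause of many network attack incidents. A botnet is a group of victim computers controlled by an attacker (the botmaster), who uses the botnet to commit computer crimes. Most current botnet research takes the defender's point of view, examining how to detect and defend against botnet intrusion. In addition, most current research focuses on centralized botnets, but next-generation botnets are gradually switching their communication model to peer-to-peer; against potential attacks in the near future, this defensive mindset may not be able to stop botnets effectively. This study therefore examines the operation of peer-to-peer botnets from the attacker's perspective. From this viewpoint, the study not only gains a better understanding of botnets but can also provide more useful information to defenders. Traditional botnets use a centralized control mechanism (for example, IRC or HTTP) and therefore suffer from a single point of failure. Defenders need only target the central control server to have a chance of bringing down the botnet's operation. Therefore, this study designs a peer-to-peer botnet architecture and runs experiments on a testbed platform. The experimental results show that the botnet architecture of this study is harder for defenders to track, monitor, and intercept than existing botnets.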

    Recently, the botnet has become an important research issue in network security, and there is a significant amount of research in the literature. Most current research investigates this issue from the viewpoint of defense, always focusing on how to detect and defend against botnet intrusion. On the other hand, conventional botnets, such as IRC and HTTP botnets, typically apply a centralized mechanism. Therefore, this thesis takes a different approach. The defense strategies developed for detecting these botnets usually explore the weakness of the single point of failure. However, in the future, botnets are very likely to evolve from the centralized scheme to a peer-to-peer architecture. Thus, the current botnet detection and defense schemes may no longer be effective. Therefore, in this thesis, we investigate a peer-to-peer botnet from an attacker’s perspective. We attempt to develop a robust peer-to-peer botnet. The proposed peer-to-peer botnet is implemented on a testbed. The experimental data collected from the testbed show that our proposed peer-to-peer botnet is harder for defenders to track, monitor, and hijack. In doing so, the lessons we learn from the perspective of an attacker can be used to catch the trend of the future evolution of botnets and to develop an effective counter strategy.

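    Chinese Abstract
    English Abstract
    Acknowledgements
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
    1.1 Research Background
    1.2 Research Motivation
    1.3 Research Objectives and Thesis Organization
    1.3.1 Research Objectives
    1.3.2 Thesis Organization
    Chapter 2 Related Work and Literature Review
    2.1 Botnet
    2.1.1 Introduction to Botnets
    2.1.2 Command and Control
    2.2 P2P Botnet Design
    2.2.1 An Advanced Hybrid Peer-to-Peer Botnet
    2.2.2 Towards Next-Generation Botnets
    2.2.3 Peer-to-Peer Botnets: Overview and Case Study
    2.3 Summary
    Chapter 3 System Architecture and Design
    3.1 Network Environment Settings and Assumptions
    3.2 System Design
    3.2.1 Public-Key Encryption Mechanism
    3.2.2 Reporting Mechanism
    3.2.3 Sacrifice Mechanism
    3.3 Discussion
    Chapter 4 System Experiments and Results
    4.1 Experimental Environment and Settings
    4.2 Infection Phase
    4.3 Control Phase
    Chapter 5 Conclusion
    References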


    On campus: public on 2011-07-21
    Off campus: public on 2011-07-21