| Graduate student: | 謝聖鴻 Shieh, Sheng-Hong |
|---|---|
| Thesis title: | 基於多邊PageRank的點對點殭屍網路偵測方法之研究 A Peer-to-Peer Botnet Detection Scheme Based on Multi-edge PageRank |
| Advisor: | 謝錫堃 Shieh, Ce-Kuen |
| Co-advisor: | 張志標 Chang, Jyh-Biau |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2013 |
| Academic year of graduation: | 101 |
| Language: | English |
| Number of pages: | 38 |
| Keywords: | Botnet detection, P2P botnet, PageRank |
As network technology advances, the threat posed by botnets grows more serious. Among the many kinds of botnet, P2P botnets are especially difficult to detect. Some researchers have therefore applied PageRank, the algorithm Google uses to determine the importance of web pages, to botnet detection. However, PageRank relies only on the communication relationships between nodes as its basis for judgment, so the information it can obtain is limited, and honeypot technology is needed to help distinguish legitimate P2P communication from P2P botnets.

In view of this, we propose a P2P botnet detection scheme based on multi-edge PageRank. The scheme analyzes network traffic logs and summarizes a variety of behavioral characteristics from them. These characteristics are applied to the edges of PageRank in an algorithm for building the dependence graph, which can detect new types of P2P botnet activity without relying on honeypot technology.