簡易檢索 / 詳目顯示
| 研究生: |
高瑋辰 Kao, Wei-Chen |
|---|---|
| 論文名稱: |
使用社群網路中心性於惡意網/網站威脅分析之研究 Using Social Network Centrality to Analyze the Threatness of Malicious Web Pages/Sites |
| 指導教授: |
楊竹星
Yang, Chu-Sing |
| 學位類別: |
碩士 Master |
| 系所名稱: |
電機資訊學院 - 電腦與通信工程研究所 Institute of Computer & Communication Engineering |
| 論文出版年: | 2014 |
| 畢業學年度: | 102 |
| 語文別: | 英文 |
| 論文頁數: | 53 |
| 中文關鍵詞: | 社群網路 、社群網路中心性 、惡意網頁 、客戶端誘捕系統 |
| 外文關鍵詞: | Social Network Analysis, Social Network Centrality, Malicious Website, Client Honeypot |
| 相關次數: | 點閱:100 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
在過去的十年裡,網際網路的發展已經遠遠超過大部分學者的預計。由於這個原因,網絡犯罪攻擊已經從伺服器端攻擊轉移到客戶端攻擊。打擊用戶端攻擊的主要方式是透過客戶端誘捕技術檢測惡意網站並且公布網域黑名單,並且讓有管理權力者處理。然而,這項技術缺乏視覺化分析,以了解多個惡意網站間的整體鏈接結構,並以整體鏈結結構的角度去排名惡意網域或惡意網頁的危脅程度。
在本研究中,我們提出了以客戶端誘捕系統日誌建構可視化社會圖的表示方法。為了增加可視化社會圖的可讀性,並從他們的整體鏈接結構排名惡意網站或網頁的重要性,我們發展出圖案檢測演算法應用在可視化社會圖上 。此外,我們應用社會網絡中心性的測量並加入權重鏈結屬性函數去排名的威脅程度,其中包括:( 1 )高度危險網站(Katz centrality), ( 2 )高關鍵性網頁(Betweenness centrality), ( 3 )熱門惡意軟件(Weighted PageRank algorithm)。
Over the past ten years, the Internet has grown far behind anything that all researchers could have anticipated. For the reason, the cybercriminal attack has shifted away from server-side attack to client-side attack. A primary defense to combat client-side attacks is to detect malicious websites and publish their domains on blacklists and then take them over by the authority through client honeypot technology. However, the weakness for this technology is lack of visualizing analysis to understand the cooperating relationships between multiple malicious websites and ranking threatness of malicious websites by incorporating the overall link structures from and to the domain.
In this research, we proposed an approach to build sociogram representations to visualize multiple client honeypot logs. In order to simplify repeated link characteristics for aiding visualization readability and ranking the importance of malicious hosts from their overall link structure, motifs detection algorithm is developed to the socialgram. In addition, we applied social network centrality measurements incorporating the weighted link attributes functions to rank the threatness including (1) High-threatness hostname Katz centrality, (2) Critical URLs connectivity by betweenness centrality, (3) Malware Popularity by weighted PageRank algorithm. Finally, several interesting findings were explored by socializing analysis.
[1] Internet World Stats. Available:
http://www.internetworldstats.com/stats.htm
[2] Client Honeypot. Available: http://en.wikipedia.org/wiki/Client_honeypot
[3] Securityfocus. Available: http://www.securityfocus.com/
[4] Capture-HPC. Available: http://capture-hpc.sourceforge.net/
[5] Honeyclient. Available: http://www.honeyclient.org/trac/
[6] HoneyMonkey. Available: http://research.microsoft.com/HoneyMonkey/
[7] THUG. Available: https://github.com/buffer/thug
[8] MAEC. Available: http://maec.mitre.org/
[9] HoneyC. Available:
https://projects.honeynet.org/honeyc/wiki/AboutHoneyC
[10] Money-Spider. Available:http://monkeyspider.sourceforge.net/
[11] Phoneyc. Available: https://code.google.com/p/phoneyc/
[12]Google’s Safe Browsing API. Available:
https://developers.google.com/safe-browsing/
[13]Microsoft’s SmartScreen Filter. Available:
http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/features/smartscreen-filter
[14] Facebook. Available:https://www.facebook.com/
[15] Myspace . Available:https://myspace.com/
[16] LinkedIn. Available: https://www.linkedin.com/
[17] M. Jamali and H. Abolhassani, "Different Aspects of Social Network Analysis", in the IEEE/WIC/ACM International Conference on Web Intelligence (WI'06), Hong Kong, December 2006.
[18] Wasserman, Stanley, & Faust, Katherine. (1994). Social Network Analysis: Methods and Applications. Cambridge: Cambridge University Press. ISBN 0-521-38269-6
[19] Bonacich, P (1972) Factoring and weighting approaches to clique identification. Journal of Mathematical Sociology 2: 113–120.
[20] Bonacich P (2007) Some unique properties of eigenvector centrality. Social
Networks 29: 555–564
[21] Langville A, Meyer C (2006) Google’s PageRank and Beyond: The Science of Search Engine Rankings Princeton University Press, ISBN 0-691-12202-4.
[22] E. Atsan, Ö. Özkasap, Applicability of Eigenvector Centrality Principle to Data Replication in MANETs, 22nd International Symposium on Computer and Information Sciences (ISCIS), Ankara, Nov 2007.
[23] Katz, L. (1953). A New Status Index Derived from Sociometric Index. Psychometrika, 39-43.
[24] Phuong Duy Pham, Measuring Centraility of Facebook Comments. Available:
http://www.cs.ucdavis.edu/~bai/ECS231/returnsfinal/Pham.pdf
[25] The PageRank Algorithm. Available: http://pr.efactory.de/e-pagerank-algorithm.shtml
[26] Ricardo Baeza-Yates and Emilio Davis ,"Web page ranking using link attributes" , In proceedings of the 13th international World Wide Web conference on Alternate track papers & posters, PP.328-329, 2004.
[27]Hpfeeds. Available: http://hpfeeds.honeycloud.net/
[28]Kibana. Available: http://www.elasticsearch.org/
[29] D3.js. Available: http://d3js.org/
[30] HeliousJS. Available:http://entrendipity.github.io/helios.js/
[31] NetworkX. Available:https://networkx.github.io/
校內:2019-07-21公開校外:不公開