| Graduate student: | 詹鎧瑋 Chan, Kai-Wei |
|---|---|
| Thesis title: | 基於對話期之非監督式點對點殭屍網路偵測之研究 Study on Unsupervised Session-Based P2P Botnet Detection |
| Advisor: | 謝錫堃 Shieh, Ce-Kuen |
| Co-advisor: | 張志標 Chang, Jyh-Biau |
| Degree: | Master |
| Department: | 電機資訊學院 - 電腦與通信工程研究所 College of Electrical Engineering and Computer Science, Institute of Computer & Communication Engineering |
| Year published: | 2015 |
| Academic year of graduation: | 103 (2014-2015) |
| Language: | English |
| Pages: | 40 |
| Chinese keywords: | 點對點殭屍網路 (P2P botnet), 對話期 (session), 非監督式 (unsupervised), 分散式系統 (distributed system), MapReduce架構 (MapReduce framework), 網路流 (NetFlow) |
| English keywords: | P2P botnet, session, unsupervised learning, distributed processing, MapReduce framework, NetFlow |
Botnets have in recent years been used by attackers as one vehicle for network attacks, and decentralized botnets are harder to detect and prevent than traditional centralized ones. This thesis sets out to build a session-based, unsupervised detection system for decentralized (peer-to-peer) botnets. Many recent botnet detectors examine the traffic or behaviour generated when an attack is launched, by which point the victim hosts are already infected. A P2P botnet produces only a small amount of communication during its dormant (waiting) phase; different P2P botnet families behave differently, but bots of the same family behave very similarly. Using the session concept to identify bidirectional, complete communication exchanges in the network, this study combines sessions with unsupervised learning to find anomalous and highly similar communication behaviour while the botnet is still dormant.
Because complete network traffic is hard to obtain, many studies synthesize test data by mixing captured benign traffic with malicious traffic in order to measure a detector's detection rate and false-positive rate; such synthetic traces contain relatively few samples. This study instead analyzes and processes real NetFlow data provided by the National Center for High-performance Computing (NCHC), so the detector's effectiveness can be validated on a production network. Analyzing big data such as NetFlow on a single machine consumes a great deal of time, so this study uses the Hadoop distributed computing platform: the NetFlow data is stored in HDFS (Hadoop Distributed File System) and the detection is implemented in the MapReduce framework to shorten the detection cycle.
Decentralized or peer-to-peer (P2P) botnets are more difficult to recognize than traditional centralized botnets because of the intrinsic properties of their network topology. Most previous work on P2P botnet detection focuses only on the attack phase; detecting P2P botnets before they attack is hard because little network trace is available. In this thesis we propose a session-based P2P botnet detection system that applies unsupervised machine learning to a large volume of traffic to obtain suspicious behaviour patterns. We believe that every P2P botnet has its own communication pattern, and that it cannot stay hidden over a long observation period even when randomized noise is mixed into its communication.
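The pipeline the two abstracts sketch, as an added Python illustration that is not the thesis's own code: group NetFlow records by unordered host pair (the map step), pair each forward flow with its reverse flow into a complete session (the reduce step), build a per-host-pair session profile, and then look, without labels, for groups of host pairs whose profiles are nearly identical. The record layout, the pairing window, the profile features, the distance threshold and the single-linkage grouping are all assumptions made for this example; the page does not state which features or clustering algorithm the thesis uses, and the flow records below are constructed, not NCHC data.

```python
"""Session building and unsupervised grouping over NetFlow-style records.

Added example; not the thesis's code. Record layout, PAIR_WINDOW_S, the
profile features and the eps threshold are assumptions for illustration.
"""
from collections import defaultdict
import math

# Constructed records: (start_time_s, src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
FLOWS = [
    # two internal hosts holding small, symmetric, periodic UDP exchanges with a remote peer
    (100.0, "10.0.0.5", 40001, "203.0.113.7", 6881, 17, 2, 160),
    (100.3, "203.0.113.7", 6881, "10.0.0.5", 40001, 17, 2, 172),
    (160.0, "10.0.0.5", 40001, "203.0.113.7", 6881, 17, 2, 158),
    (160.2, "203.0.113.7", 6881, "10.0.0.5", 40001, 17, 2, 170),
    (100.5, "10.0.0.9", 51000, "198.51.100.3", 6881, 17, 2, 162),
    (100.9, "198.51.100.3", 6881, "10.0.0.9", 51000, 17, 2, 171),
    (161.0, "10.0.0.9", 51000, "198.51.100.3", 6881, 17, 2, 160),
    (161.4, "198.51.100.3", 6881, "10.0.0.9", 51000, 17, 2, 169),
    # an ordinary HTTPS download: one session, strongly asymmetric byte counts
    (105.0, "10.0.0.12", 52222, "93.184.216.34", 443, 6, 40, 3000),
    (105.1, "93.184.216.34", 443, "10.0.0.12", 52222, 6, 120, 150000),
    # a one-way probe that is never answered: not a complete session
    (130.0, "10.0.0.21", 33000, "192.0.2.44", 22, 6, 1, 60),
]

PAIR_WINDOW_S = 5.0  # assumed: the reverse flow must start within this many seconds


def map_flow(rec):
    """Map step: key a flow by its unordered host pair plus protocol."""
    _, src, _, dst, _, proto, _, _ = rec
    return (min(src, dst), max(src, dst), proto), rec


def reduce_sessions(key, recs):
    """Reduce step: pair each flow with the earliest unmatched reverse flow
    (ports swapped) that starts within PAIR_WINDOW_S; unmatched flows become
    incomplete one-way sessions."""
    recs = sorted(recs, key=lambda r: r[0])
    used = [False] * len(recs)
    sessions = []
    for i, (t, src, sp, dst, dp, _, pk, by) in enumerate(recs):
        if used[i]:
            continue
        used[i] = True
        for j in range(i + 1, len(recs)):
            t2, src2, sp2, dst2, dp2, _, pk2, by2 = recs[j]
            if t2 - t > PAIR_WINDOW_S:
                break  # records are time-sorted, nothing later can match
            if used[j]:
                continue
            if (src2, sp2, dst2, dp2) == (dst, dp, src, sp):
                used[j] = True
                sessions.append({"pair": key[:2], "complete": True,
                                 "bytes": by + by2, "packets": pk + pk2,
                                 "symmetry": min(by, by2) / max(by, by2)})
                break
        else:
            sessions.append({"pair": key[:2], "complete": False,
                             "bytes": by, "packets": pk, "symmetry": 0.0})
    return sessions


def build_sessions(flows):
    """Run the map and reduce steps in-process (on Hadoop each key's list would reach one reducer)."""
    groups = defaultdict(list)
    for rec in flows:
        key, value = map_flow(rec)
        groups[key].append(value)
    sessions = []
    for key, recs in groups.items():
        sessions.extend(reduce_sessions(key, recs))
    return sessions


def pair_profiles(sessions):
    """Per host pair: [session count, fraction complete, log10 mean bytes, mean byte symmetry]."""
    by_pair = defaultdict(list)
    for s in sessions:
        by_pair[s["pair"]].append(s)
    profiles = {}
    for pair, ss in by_pair.items():
        n = len(ss)
        profiles[pair] = [float(n),
                          sum(s["complete"] for s in ss) / n,
                          math.log10(sum(s["bytes"] for s in ss) / n),
                          sum(s["symmetry"] for s in ss) / n]
    return profiles


def cluster_profiles(profiles, eps=0.5):
    """Unsupervised step (assumed single-linkage: pairs closer than eps in
    Euclidean distance join one cluster). Returns clusters, largest first."""
    pairs = list(profiles)
    parent = {p: p for p in pairs}

    def find(p):
        while parent[p] != p:
            p = parent[p]
        return p

    for i, a in enumerate(pairs):
        for b in pairs[i + 1:]:
            if math.dist(profiles[a], profiles[b]) <= eps:
                parent[find(a)] = find(b)
    clusters = defaultdict(set)
    for p in pairs:
        clusters[find(p)].add(p)
    return sorted((frozenset(c) for c in clusters.values()), key=len, reverse=True)


def suspicious_clusters(flows, eps=0.5):
    """Clusters of two or more host pairs whose sessions are all complete and look alike."""
    profiles = pair_profiles(build_sessions(flows))
    return [c for c in cluster_profiles(profiles, eps)
            if len(c) >= 2 and all(profiles[p][1] == 1.0 for p in c)]


if __name__ == "__main__":
    for cluster in suspicious_clusters(FLOWS):
        print("similar complete-session host pairs:", sorted(cluster))
```

On this input the two UDP host pairs land in one cluster while the HTTPS download and the unanswered probe stay apart; the one-way probe is excluded by the completeness filter, which is the point of working on sessions rather than on single flows. The threshold and features are deliberately simple; on real NetFlow the profile would need far more sessions per pair before similarity means anything.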
On-campus access: released 2020-08-25