
Graduate student: 安家駒 (An, Jia-Ju)
Thesis title: 殭屍網路型態樣式分析與分類之應用 (Pattern Analysis and Classification in Botnet)
Advisor: 李忠憲 (Li, Jung-Shian)
Degree: Master's
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2013
Academic year of graduation: 101 (ROC calendar)
Language: Chinese
Number of pages: 68
Keywords (Chinese): 殭屍網路, 分散式阻絕服務攻擊, 資料探勘 (botnet, distributed denial-of-service attack, data mining)
Keywords (English): botnet, DDoS, data mining
Usage statistics: views 77, downloads 5
Abstract (translated from the Chinese): As business organizations and government agencies depend ever more on information technology, it has become an indispensable part of their daily operations, yet they face more and more information security challenges. How to protect their information assets so as to achieve confidentiality, integrity and availability has become an important problem for business organizations and government agencies. In recent years malware has increased sharply and seriously threatens the confidentiality, integrity and availability of information. The serious security threat that botnets pose to the Internet has drawn the attention of the information community abroad as well as of business organizations, the information industry and government agencies. Botnets in particular do enormous harm to information security. Because of the rapid development and mass distribution of hacker tools, together with economic incentives and the difficulty of preventing cybercrime, among other factors, botnets have gradually become a tool that hackers use to steal software serial numbers, account passwords or other valuable data, or a springboard for distributed denial-of-service (DDoS) attacks and spam. Owing to the change in network connection patterns, the spread of always-on connection services such as ADSL and FTTB, and weak information security awareness, large numbers of personal computers easily fall victim to botnet infection and become the scapegoats through which botnets harm information security. Moreover, current research still lacks mechanisms for botnet classification and pattern modelling. We therefore aim to build a structured database and, by applying data mining techniques to the collected data, study the behaviour patterns of botnets and, using specific class attributes, build a classification model for pattern analysis, in the hope of contributing to botnet research.

Abstract (English): As business organizations and government agencies rely increasingly on information technology, it has become an integral part of their daily operations, and they face more security challenges. How to protect their information assets from hacker attacks while achieving confidentiality, integrity and availability has become an important issue for business organizations and government agencies. In recent years, malware has been a serious threat to the confidentiality, integrity and availability of information. The serious security threat of botnets has attracted the attention of business organizations, the information industry and government entities. Botnets in particular pose a huge risk to information security. Hackers rapidly develop and spread their tools, and other factors, including economic incentives and the difficulty of cybercrime prevention, add to the problem. Botnets have slowly become hackers' tools for stealing serial numbers, account passwords or other valuable information, for carrying out distributed denial-of-service (DDoS) attacks, and as a springboard for junk mail (spam). The change in network connection patterns, with continuous services such as ADSL and FTTB, together with weak information security awareness, means that a large number of infected PCs become the victims and scapegoats of information security hazards. Current research still lacks pattern analysis and classification models. Therefore, we create a structured database to collect the data, then use data mining techniques to study botnet behaviour patterns and exploit specific properties to establish a classification model; we hope to achieve something in this field and contribute to botnet research.

Contents (with page numbers):
Abstract (Chinese) 1
ABSTRACT 3
Acknowledgements 5
CONTENTS 6
LIST OF TABLES 8
LIST OF FIGURES 9
CHAPTER 1 INTRODUCTION 11
1.1 INTRODUCTION 11
1.2 MOTIVATION 12
1.3 ORGANIZATION 12
CHAPTER 2 BACKGROUND & RELATED WORK 13
2.1 ANALYSIS SAMPLE 13
2.1.1 Sample Sources 14
2.1.2 Database Structure 15
2.1.3 Related Database 16
2.2 DATA MINING 16
2.2.1 Knowledge Discovery in Database 16
2.2.2 Data Mining 19
2.2.3 Functions and tasks of data mining 20
2.2.4 Data Mining Approach 22
CHAPTER 3 SYSTEM ARCHITECTURE 24
3.1 SYSTEM ARCHITECTURE 24
3.2 OPERATION ELEMENTS 28
3.2.1 BRGM Module 28
3.2.2 BDIM Module 28
3.2.3 BDAM Module 29
3.2.4 BDPM Module 30
3.2 PROBLEM FORMULATION 33
3.3 PROPOSED ALGORITHM 33
CHAPTER 4 PERFORMANCE EVALUATION 42
4.1 SIMULATION SCENARIO & STEP 42
4.1.1 BRGM PROCESS 43
4.2.2 BDIM PROCESS 49
4.2 SIMULATION SETUP 52
4.3 SIMULATION RESULTS 54
CHAPTER 5 CONCLUSION 65
REFERENCES 67


Full-text access: on campus, open immediately; off campus, open immediately.