Title

Botnet Attack Detection on Android

DOI

10.29614/DRMM.201204.0011

Authors

劉恩榜; 曾文貴

Keywords

Journal

資訊安全通訊

Volume/Issue (publication date)

Vol. 18, No. 2 (2012/04/01)

Pages

132-153

Language of content

Traditional Chinese

Abstract (translated from the Chinese)

Botnets are one of the most serious threats on today's Internet: a computer infected with bot malware not only suffers data leakage and system damage, but can also become a springboard for large-scale network attacks. With the rapid development of smartphones and the wide range of functions they provide, a great deal of personal data, passwords, and private pictures and videos are stored on the phone, which has effectively become a small PC. In recent years attackers have therefore been continually developing viruses, trojans, botnets and other malware for phones, in order to steal private data, send advertising SMS messages and spam, and so on. This paper presents a botnet detection system for Android phones. Based on the group-activity characteristic of botnets and on anomalous connections, it runs Snort, a powerful IDS, on the phone as the front end for real-time detection, and installs a filter that collects anomalous botnet packets. The filtered packets are uploaded to a back-end detection center, which applies a similarity algorithm to the data gathered from many phones to determine which phones are infected with bot malware and are currently under malicious control.

Subject classification: Basic and Applied Sciences > Information Science