Title

Botnet Tracking and Analysis (殭屍網路追蹤與分析)

DOI

10.29614/DRMM.201207.0004

Authors

蔡孟翰;毛敬豪;林昶丞;張凱棊

Keywords

Botnet; bot (zombie computer); malware analysis; malicious domain tracking

Journal

資訊安全通訊

Volume/Issue (publication date)

Vol. 18, No. 3 (2012/07/01)

Pages

60 - 75

Language

Traditional Chinese

Abstract (translated from the Chinese)

The rapid growth of the Internet has made daily life more convenient, but it also exposes users to attack by malicious programs (viruses, worms, bots, and so on). Malware has evolved from simple programs into multifunctional programs that replicate on their own and load a variety of network-attack modules. Among all classes of malware, botnets, made up of zombie computers infected with bot programs, launch network attacks whose scale and damage are the most severe. In this paper we build an integrated system for tracking and analyzing botnets. The system performs distributed, automated botnet analysis and consists of three modules: a distributed bot emulation and analysis module, a C&C domain tracking module, and a distributed botnet tracking module. Fed with bot samples collected from external sources, the system has been in production and assisting botnet analysis for several years; during 2011 (ROC year 100) it analyzed 4,956 bot samples and tracked 341,753 bot IP addresses. The paper also presents real cases to illustrate how the system operates and how effective it is.
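The abstract names a C&C domain tracking module but does not say how it decides which domains and which resolved addresses matter. The following is an added example, not the authors' system or code: it assumes a feed of repeated lookup observations for C&C domains extracted from bot samples (timestamp, domain, answered IPs, TTL), such as a sandbox or a recursive resolver log would yield, and applies a simple fast-flux heuristic (many distinct answers spread over many /24 prefixes with short TTLs). The thresholds, the /24 prefix as a stand-in for ASN diversity, and the sample data are all assumptions made here for illustration.

```python
"""Track C&C domains across repeated DNS lookups and flag flux-like behaviour.

Added example, not code from the paper. Input observations are assumed to be
(timestamp, domain, [answered IPs], ttl) tuples; the thresholds below are
illustrative and not the authors' criteria.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

IP_THRESHOLD = 5       # distinct answer IPs before a domain looks flux-like (assumed)
PREFIX_THRESHOLD = 3   # distinct /24 (or /48) prefixes, a cheap proxy for ASN spread (assumed)
TTL_THRESHOLD = 300    # seconds; flux domains keep TTLs short so members rotate (assumed)


@dataclass
class DomainTrack:
    """Everything observed about one C&C domain so far."""
    domain: str
    lookups: int = 0
    ips: set[str] = field(default_factory=set)
    prefixes: set[str] = field(default_factory=set)
    min_ttl: int | None = None
    first_seen: int | None = None
    last_seen: int | None = None

    def add(self, ts: int, answers: list[str], ttl: int) -> None:
        self.lookups += 1
        self.first_seen = ts if self.first_seen is None else min(self.first_seen, ts)
        self.last_seen = ts if self.last_seen is None else max(self.last_seen, ts)
        self.min_ttl = ttl if self.min_ttl is None else min(self.min_ttl, ttl)
        for raw in answers:
            addr = ip_address(raw)
            # Drop answers that cannot be a live C&C node: resolution failures
            # recorded as 0.0.0.0, loopback, and link-local noise from the sandbox.
            if addr.is_unspecified or addr.is_loopback or addr.is_link_local:
                continue
            self.ips.add(str(addr))
            plen = 24 if addr.version == 4 else 48
            self.prefixes.add(str(ip_network(f"{addr}/{plen}", strict=False)))


def track_cc_domains(observations: list[tuple[int, str, list[str], int]]) -> dict[str, DomainTrack]:
    """Fold time-ordered lookup observations into one DomainTrack per domain."""
    tracks: dict[str, DomainTrack] = {}
    for ts, domain, answers, ttl in sorted(observations, key=lambda o: o[0]):
        name = domain.lower().rstrip(".")
        tracks.setdefault(name, DomainTrack(name)).add(ts, answers, ttl)
    return tracks


def classify(track: DomainTrack) -> str:
    """Label a tracked domain by how its answers behaved over time."""
    if (len(track.ips) >= IP_THRESHOLD
            and len(track.prefixes) >= PREFIX_THRESHOLD
            and track.min_ttl is not None and track.min_ttl <= TTL_THRESHOLD):
        return "fast-flux"
    if len(track.ips) > 1:
        return "multi-ip"
    if len(track.ips) == 1:
        return "single-ip"
    return "unresolved"


def summarize(tracks: dict[str, DomainTrack]) -> dict[str, tuple[str, list[str]]]:
    """Per domain: (label, sorted list of C&C IPs seen), e.g. for a block list."""
    return {d: (classify(t), sorted(t.ips, key=ip_address)) for d, t in tracks.items()}


def sample_observations() -> list[tuple[int, str, list[str], int]]:
    """Constructed lookups using RFC 5737 documentation ranges; not real data."""
    flux, static, rr, dead = ("update.example-cc.test", "static-cc.example.test",
                              "rr-cc.example.test", "dead-cc.example.test")
    return [
        (1000, flux, ["192.0.2.11", "198.51.100.7", "203.0.113.3"], 180),
        (1900, flux, ["192.0.2.45", "198.51.100.7", "203.0.113.201"], 180),
        (2800, flux, ["198.51.100.88", "203.0.113.3", "192.0.2.11"], 120),
        (3700, flux, ["192.0.2.45", "198.51.100.88", "203.0.113.201"], 180),
        (1000, static, ["203.0.113.10"], 3600),
        (4600, static, ["203.0.113.10"], 3600),
        (8200, static, ["203.0.113.10", "127.0.0.1"], 3600),
        (1000, rr, ["198.51.100.20", "198.51.100.21"], 600),
        (1600, rr, ["198.51.100.21", "198.51.100.20"], 600),
        (1000, dead, ["0.0.0.0"], 60),
    ]


if __name__ == "__main__":
    for domain, (label, ips) in summarize(track_cc_domains(sample_observations())).items():
        print(f"{domain:28} {label:10} {len(ips)} ips: {', '.join(ips)}")
```

The summary is what a downstream sinkhole or block list would consume: a flux-like domain is a candidate for name-level blocking, while a stable single-IP domain is also a candidate for a network-level indicator. Real deployments would key prefix diversity on ASN data rather than /24 and re-resolve on a schedule tied to the observed TTL.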

Subject classification: Basic and Applied Sciences > Information Science
References
  1. Zeus Botnet. http://www.networkworld.com/news/2010/092910-zeus-botnet-sms-banks.html
  2. Bredolab Botnet. http://www.huffingtonpost.com/2012/05/24/georgy-avanesov-found-guilty_n_1543687.html
  3. MS08-067. http://technet.microsoft.com/zh-tw/security/bulletin/ms08-067
  4. Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N. (2010). Building a Dynamic Reputation System for DNS. Proc. of the 19th USENIX Conference on Security (SEC'10).
  5. Antonakakis, M., Perdisci, R., Lee, W. (2011). Detecting Malware Domains at the Upper DNS Hierarchy. Proc. of the 20th USENIX Conference on Security (SEC'11).
  6. Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M. (2011). EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. Proc. of the 18th Annual Network and Distributed System Security Symposium (NDSS'11).
  7. Caglayan, A., Toothaker, M., Drapeau, D., Burke, D., Eaton, G. (2009). Real-Time Detection of Fast-Flux Service Networks. Proc. of the 2009 Cybersecurity Applications and Technology Conference for Homeland Security (CATCH'09).
  8. Chang, S., Daniels, T. E. (2009). P2P Botnet Detection using Behavior Clustering & Statistical Tests. Proc. of the 2nd ACM Workshop on Security and Artificial Intelligence (AISec'09).
  9. Choi, H., Lee, H., Kim, H. (2009). BotGAD: Detecting Botnets by Capturing Group Activities in Network Traffic. Proc. of the 4th International ICST Conference on Communication System Software and Middleware (COMSWARE'09).
  10. Gu, G., Perdisci, R., Zhang, J., Lee, W. (2008). BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. Proc. of the 17th USENIX Conference on Security (SEC'08).
  11. Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W. (2007). BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. Proc. of the 16th USENIX Conference on Security (SEC'07).
  12. Gu, G., Zhang, J., Lee, W. (2008). BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. Proc. of the 15th Annual Network and Distributed System Security Symposium (NDSS'08).
  13. Holz, T., Gorecki, C., Rieck, K., Freiling, F. C. (2008). Measuring and Detecting Fast-Flux Service Networks. Proc. of the 15th Annual Network and Distributed System Security Symposium (NDSS'08).
  14. Hsu, C.-H., Huang, C.-Y., Chen, K.-T. (2010). Fast-Flux Bot Detection in Real Time. Proc. of the 13th International Conference on Recent Advances in Intrusion Detection (RAID'10).
  15. Huang, S.-Y., Mao, C.-H., Lee, H.-M. (2010). Fast-Flux Service Network Detection Based on Spatial Snapshot Mechanism for Delay-Free Detection. Proc. of the 5th ACM Symposium on Information, Computer and Communications Security (AsiaCCS'10).
  16. Jackson, A. W., Lapsley, D., Jones, C., Zatko, M., Golubitsky, C., Strayer, W. T. (2009). SLINGbot: A System for Live Investigation of Next Generation Botnets. Proc. of the 2009 Cybersecurity Applications and Technology Conference for Homeland Security (CATCH'09).
  17. Li, C., Jiang, W., Zou, X. (2009). Botnet: Survey and Case Study. Proc. of the 4th International Conference on Innovative Computing, Information and Control (ICICIC'09).
  18. Liu, L., Chen, S., Yan, G., Zhang, Z. (2008). BotTracer: Execution-Based Bot-Like Malware Detection. Proc. of the 11th International Conference on Information Security (ISC'08).
  19. McGrath, D. K., Kalafut, A. J., Gupta, M. (2009). Phishing Infrastructure Fluxes All the Way. IEEE Security and Privacy, 7(5), 21-28.
  20. Nagaraja, S., Mittal, P., Hong, C., Caesar, M., Borisov, N. (2010). BotGrep: Finding P2P Bots with Structured Graph Analysis. Proc. of the 19th USENIX Conference on Security (SEC'10).
  21. National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) (2008). Guide on Policy and Technical Approaches against Botnet. Proc. of the 37th APEC Telecommunications and Information Working Group.
  22. Passerini, E., Paleari, R., Martignoni, L., Bruschi, D. (2008). FluXOR: Detecting and Monitoring Fast-Flux Service Networks. Proc. of the 5th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'08).
  23. Perdisci, R., Corona, I., Dagon, D., Lee, W. (2009). Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces. Proc. of the Annual Computer Security Applications Conference (ACSAC'09).
  24. Rajab, M. A., Zarfoss, J., Monrose, F., Terzis, A. (2006). A Multifaceted Approach to Understanding the Botnet Phenomenon. Proc. of the 6th ACM SIGCOMM Conference on Internet Measurement (IMC'06).
  25. Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G. (2009). Your Botnet is My Botnet: Analysis of a Botnet Takeover. Proc. of the 16th ACM Conference on Computer and Communications Security (CCS'09).
  26. Strayer, W. T., Lapsley, D., Walsh, R., Livadas, C. (2008). Botnet Detection Based on Network Behavior. Advances in Information Security, 36, 1-24.
  27. The Honeynet Project (2007). Unpublished.
  28. Villamarín-Salomón, R., Brustoloni, J. C. (2009). Bayesian Bot Detection Based on DNS Traffic Similarity. Proc. of the 2009 ACM Symposium on Applied Computing (SAC'09).
  29. Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I. (2008). Spamming Botnets: Signatures and Characteristics. Proc. of the ACM SIGCOMM 2008 Conference on Data Communication (SIGCOMM'08).
  30. Yu, F., Xie, Y., Ke, Q. (2010). SBotMiner: Large Scale Search Bot Detection. Proc. of the 3rd ACM International Conference on Web Search and Data Mining (WSDM'10).