P2P file-transfer software is increasingly common, and attackers exploit the distributed peer-to-peer nature of P2P to carry out attacks and data theft through botnets. Most current research on Botnet viruses detects them with network-traffic-based methods and rarely addresses blocking the attacks and data theft themselves.
This study analyzes the DDoS and data-stealing behaviors of Botnets. For DDoS behavior, the packets sent by various applications are captured, organized, computed and analyzed to derive six categories of network flow data, and quantitative association rule mining is applied to obtain Botnet DDoS attack behavior rules. The category behavior decision rules are obtained by analyzing communication commands with string matching and a decision tree, yielding the behavior decision rules for data-stealing viruses.
The blocking system uses the Botnet DDoS attack behavior rules to identify Botnet DDoS viruses and the category behavior decision rules to identify data-stealing viruses; once a virus is identified it is quarantined and its network functionality is blocked, defending against both Botnet viruses and data-stealing viruses. Finally, the accuracy in identifying Botnet viruses is 100%, the accuracy in identifying non-Botnet viruses is 75%, the accuracy over all viruses is 93.7%, and the accuracy in identifying normal applications is 100%.
Botnet masters exploit the distributed peer-to-peer characteristics of P2P, made possible by the widespread use of P2P transmission software, to conduct attacks through Botnets. Current researchers have focused on methods that use packet flow information to detect Botnet viruses.
This paper analyzes Botnet DDoS and data-stealing behaviors. First, Botnet DDoS quantitative association rules are generated from network flow information in six categories. Second, data-stealing behavior patterns are built with string matching and a decision tree over communication commands. The Botnet DDoS quantitative association rules and the data-stealing behavior patterns are then applied to discover viruses.
In the virus blocking system, the network connection of an application program is disabled once a virus in that program is identified. The accuracies of identifying Botnet viruses, non-Botnet viruses, and both together are 100%, 75% and 93.7% respectively; the accuracy of identifying normal application programs is 100%.
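The quantitative-association-rule step described above, shown as an added example rather than the thesis's own code or data: numeric per-application flow features are discretized into interval items, every small itemset of feature items is scored for support and confidence against the target item `label=ddos`, and the surviving rules are used to decide whether an unseen flow summary should be referred to the blocking stage. The feature names (`pps`, `dst_ips`, `avg_bytes`, `syn_ratio`), the interval boundaries and the sample rows are all constructed assumptions; the abstract states that six flow categories are used but does not list them.

```python
"""Minimal quantitative association rule mining over per-application flow summaries."""
from itertools import combinations

# Constructed sample (not the thesis's data): one row per application per time window.
# Feature names are assumptions; the thesis abstract does not name its six flow categories.
FLOWS = [
    {"label": "ddos",   "pps": 950,  "dst_ips": 1,  "avg_bytes": 40,   "syn_ratio": 0.97},
    {"label": "ddos",   "pps": 880,  "dst_ips": 1,  "avg_bytes": 44,   "syn_ratio": 0.95},
    {"label": "ddos",   "pps": 1200, "dst_ips": 2,  "avg_bytes": 60,   "syn_ratio": 0.99},
    {"label": "ddos",   "pps": 700,  "dst_ips": 1,  "avg_bytes": 48,   "syn_ratio": 0.90},
    {"label": "normal", "pps": 12,   "dst_ips": 5,  "avg_bytes": 900,  "syn_ratio": 0.05},
    {"label": "normal", "pps": 40,   "dst_ips": 20, "avg_bytes": 600,  "syn_ratio": 0.10},
    {"label": "normal", "pps": 300,  "dst_ips": 60, "avg_bytes": 700,  "syn_ratio": 0.08},  # busy P2P client
    {"label": "normal", "pps": 5,    "dst_ips": 2,  "avg_bytes": 1200, "syn_ratio": 0.02},
]

# Interval boundaries (assumed) that turn each numeric attribute into a categorical item.
# Quantitative association rules differ from classic market-basket rules only in this step.
BINS = {
    "pps":       [(0, 100, "low"), (100, 500, "mid"), (500, float("inf"), "high")],
    "dst_ips":   [(0, 3, "few"), (3, float("inf"), "many")],
    "avg_bytes": [(0, 100, "small"), (100, float("inf"), "large")],
    "syn_ratio": [(0.0, 0.5, "low"), (0.5, 1.01, "high")],
}


def to_items(flow):
    """Map one flow summary to a set of items such as 'pps=high'; the label (if any) is an item too."""
    items = set()
    for attr, intervals in BINS.items():
        value = flow[attr]
        for lo, hi, name in intervals:
            if lo <= value < hi:
                items.add(f"{attr}={name}")
                break
    if "label" in flow:
        items.add(f"label={flow['label']}")
    return frozenset(items)


def mine_rules(flows, target, min_support, min_confidence, max_len=2):
    """Return (antecedent, support, confidence) rules antecedent -> target meeting both thresholds.

    support    = fraction of all rows containing antecedent and target
    confidence = fraction of rows containing antecedent that also contain target
    """
    baskets = [to_items(f) for f in flows]
    n = len(baskets)
    feature_items = sorted({i for b in baskets for i in b if not i.startswith("label=")})
    rules = []
    for k in range(1, max_len + 1):
        for ante in combinations(feature_items, k):
            ante = frozenset(ante)
            ante_count = sum(1 for b in baskets if ante <= b)
            if ante_count == 0:
                continue
            both = sum(1 for b in baskets if ante <= b and target in b)
            support = both / n
            confidence = both / ante_count
            if support >= min_support and confidence >= min_confidence:
                rules.append((tuple(sorted(ante)), support, confidence))
    # Strongest, most general rules first so a reader sees the useful ones at the top.
    rules.sort(key=lambda r: (-r[2], -r[1], len(r[0]), r[0]))
    return rules


def matches(flow, rule):
    """True when every antecedent item of the rule holds for the flow summary."""
    antecedent, _, _ = rule
    return set(antecedent) <= to_items(flow)


def decide(flow, rules):
    """Decision handed to the blocking stage: 'block' if any mined DDoS rule fires, else 'allow'."""
    return "block" if any(matches(flow, r) for r in rules) else "allow"


if __name__ == "__main__":
    mined = mine_rules(FLOWS, "label=ddos", min_support=0.4, min_confidence=1.0)
    for antecedent, sup, conf in mined:
        print(f"{' AND '.join(antecedent)} -> label=ddos  support={sup:.2f} confidence={conf:.2f}")
    unseen = {"pps": 1500, "dst_ips": 1, "avg_bytes": 50, "syn_ratio": 0.98}
    print("unseen flow:", decide(unseen, mined))
```

With `min_confidence=1.0` the single-item rule `dst_ips=few -> label=ddos` is rejected (one normal row also talks to few destinations, so its confidence is 0.8), while `pps=high`, `avg_bytes=small` and `syn_ratio=high` survive; the busy P2P client row is what keeps a naive "many packets per second" rule from being pure on this sample and illustrates why the interval boundaries matter as much as the thresholds.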