Chinese Culture University Institutional Repository (CCUR): Item 987654321/29750


    Please use this identifier to cite or link to this item: https://irlib.pccu.edu.tw/handle/987654321/29750


    Title: Research on Botnet Behavior Analysis and Attack Prevention
    Authors: 張博誠
    Chang, Po-Cheng
    Contributors: Department of Information Management
    Keywords: Botnet
    DDoS
    Quantitative Association rules
    data steal
    String Matching
    Decision Tree
    Date: 2014-12-25
    Issue Date: 2015-02-05 14:58:10 (UTC+8)
    Abstract: P2P transmission software is increasingly common, and attackers exploit the distributed point-to-point characteristics of P2P to conduct attacks and data theft on Botnets. Current research on Botnet viruses mostly detects them with methods based on network traffic, and rarely addresses blocking the attacks and the theft.
    This study analyzes the DDoS and data-stealing behaviors of Botnets. For DDoS behavior, packets sent by various application programs are captured, then organized, computed and analyzed to yield network flow data in six categories; quantitative association rules are applied to this data to derive the Botnet DDoS attack behavior rules. For data stealing, communication commands are analyzed with string matching and decision trees to derive the class behavior decision rules of data-stealing viruses.
    The blocking system uses the Botnet DDoS attack behavior rules to identify Botnet DDoS viruses and the class behavior decision rules to identify data-stealing viruses. Once a virus is identified in an application program, the system confines it by disabling the program's network connection, which defends against the behavior of both Botnet viruses and data-stealing viruses. The accuracies of identifying Botnet viruses, non-Botnet viruses, and all viruses are 100%, 75% and 93.7% respectively, and the accuracy of identifying normal application programs is 100%.
    Appears in Collections: [Department of Information Management & Graduate Institute of Information Management] Thesis

    Files in This Item:

    File: 103PCCU0396003-002.pdf
    Size: 4949Kb
    Format: Adobe PDF


    All items in CCUR are protected by copyright, with all rights reserved.

