國立高雄大學圖資館 |

語系: 繁體中文

說明(常見問題)

圖資館首頁

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 =...

國立高雄大學資訊管理學系碩士班

SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 = A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis

紀錄類型:	書目-語言資料,印刷品 : 單行本
並列題名:	A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis
作者:	龔恩緯,
其他團體作者:	國立高雄大學
出版地:	[高雄市]
出版者:	撰者;
出版年:	民100
面頁冊數:	47葉圖，表格 : 30公分;
標題:	殭屍網路
標題:	BotNet
電子資源:	http://handle.ncl.edu.tw/11296/ndltd/37504696379097987128
附註:	參考書目：葉45-47
摘要註:	隨著資訊科技及網路技術的發展，各式網際網路應用服務一直推陳出新，在此同時，網路攻擊手法也衍生出許多新型態的攻擊模式。在近年產生了一種新型態的協同式攻擊技術－殭屍網路( BotNet )，此類型的攻擊方式在受害主機中加入操縱機制，集結成龐大的攻擊群體。為了增加入侵的效率，殭屍網路更結合了自動化的入侵方式，主動發現並攻擊網路上的弱點主機，並快速地擴大其攻佔主機的數量，此種高擴散性及高破壞力的攻擊技術，已然是現今網管及研究人員最應重視的網路安全議題。在遭受殭屍網路威脅的同時，探究各網域受到殭屍網路的攻擊特徵與殭屍網路的入侵歷程是了解這類網路安全威脅的重要研究項目，然而先前的相關研究大多著重於攻擊的偵測機制以找出攻擊 IP 為主要目的，較欠缺完整地呈現該網域被殭屍網路聯合攻擊的特性及分析。本研究監測學術以及研究網域中真實被來自網際網路殭屍網路攻擊情況後發現，在不同攻擊 IP 來源所使用的 SSH 字典檔攻擊技術之間某些具有高度相似性並明顯與其他的攻擊來源所使用的攻擊內容有所差異，具備相當程度的群組特性，因此本研究使用 SSH 字典檔攻擊資料對所有的攻擊來源進行叢聚分析，藉以找出對監測網域進行過攻擊的潛在不同殭屍網路群組，分別以時間性與地域性的兩個構面來分析不同殭屍網路群組在發動攻擊時的群組特性。此外，本研究亦發現殭屍網路的入侵手法具有任務分工以及聯合攻擊的特性，這些特性也讓殭屍網路的入侵方式更加難以防範，希望藉由本研究的發現對於未來防禦相類似性質的殭屍網路攻擊技術有更進一步的了解。 With the development of information technologies and network techniques, various new network services and applications have been implemented, and the techniques of network attack have also derived lots of new type attack models. In recent years, a new cooperative network attack, BotNet, has been implemented. This attack technique constructs powerful attack groups with victim host through control mechanism. For more efficient intrusion, BotNets combine automatic intrusion model so that it can attack hosts with vulnerabilities automatically and expands itself quickly. With high spread and attack efficiency, BotNet is the most important network security issue to all network managers and researchers nowadays. Due to threatened by BotNet, exploring the attacks in domain, including its characteristics and intrusion model, is an important research to understand the network security threats from BotNet. However, lots of researches focused on detecting the IPs of attackers, those researches lacked the characteristics and analysis of BotNet cooperative attack in each network domains. In the initial detection of BotNet attacks, we find out that some contents of SSH dictionary attack from different IPs have high similarity with each other, and have high dissimilarity with the others. Therefore, we use clustering analysis with SSH dictionary attacks to find out the groups of attackers, and discuss the time-base and region-base concentration of attacks in BotNet groups. Furthermore, our detection finds out that there are characteristics of division of tasks and cooperative attack in BotNet intrusion, and these characteristics make the BotNet intrusion much hard to be detected. We hope the results of this study make more understanding to detection and defense technique to BotNet.

SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 = A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis
龔, 恩緯

SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 = A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis / 龔恩緯撰 - [高雄市] : 撰者, 民100. - 47葉 ; 圖，表格 ; 30公分.
參考書目：葉45-47.
殭屍網路BotNet

SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 = A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis
LDR:04909nam0a2200277 450 001 300443
005 20170214090312.0
009 300443
010 0 $b 精裝
010 0 $b 平裝
100 $a 20170214d2011 k y0chiy50 e
101 1 $a chi $d chi $d eng
102 $a tw
105 $a ak am 000yy
200 1 $a SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 $d A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis $z eng $f 龔恩緯撰
210 $a [高雄市] $c 撰者 $d 民100
215 0 $a 47葉 $c 圖，表格 $d 30公分
300 $a 參考書目：葉45-47
314 $a 指導教授：蕭漢威博士
328 $a 碩士論文--國立高雄大學資訊管理學系碩士班
330 $a 隨著資訊科技及網路技術的發展，各式網際網路應用服務一直推陳出新，在此同時，網路攻擊手法也衍生出許多新型態的攻擊模式。在近年產生了一種新型態的協同式攻擊技術－殭屍網路( BotNet )，此類型的攻擊方式在受害主機中加入操縱機制，集結成龐大的攻擊群體。為了增加入侵的效率，殭屍網路更結合了自動化的入侵方式，主動發現並攻擊網路上的弱點主機，並快速地擴大其攻佔主機的數量，此種高擴散性及高破壞力的攻擊技術，已然是現今網管及研究人員最應重視的網路安全議題。在遭受殭屍網路威脅的同時，探究各網域受到殭屍網路的攻擊特徵與殭屍網路的入侵歷程是了解這類網路安全威脅的重要研究項目，然而先前的相關研究大多著重於攻擊的偵測機制以找出攻擊 IP 為主要目的，較欠缺完整地呈現該網域被殭屍網路聯合攻擊的特性及分析。本研究監測學術以及研究網域中真實被來自網際網路殭屍網路攻擊情況後發現，在不同攻擊 IP 來源所使用的 SSH 字典檔攻擊技術之間某些具有高度相似性並明顯與其他的攻擊來源所使用的攻擊內容有所差異，具備相當程度的群組特性，因此本研究使用 SSH 字典檔攻擊資料對所有的攻擊來源進行叢聚分析，藉以找出對監測網域進行過攻擊的潛在不同殭屍網路群組，分別以時間性與地域性的兩個構面來分析不同殭屍網路群組在發動攻擊時的群組特性。此外，本研究亦發現殭屍網路的入侵手法具有任務分工以及聯合攻擊的特性，這些特性也讓殭屍網路的入侵方式更加難以防範，希望藉由本研究的發現對於未來防禦相類似性質的殭屍網路攻擊技術有更進一步的了解。 With the development of information technologies and network techniques, various new network services and applications have been implemented, and the techniques of network attack have also derived lots of new type attack models. In recent years, a new cooperative network attack, BotNet, has been implemented. This attack technique constructs powerful attack groups with victim host through control mechanism. For more efficient intrusion, BotNets combine automatic intrusion model so that it can attack hosts with vulnerabilities automatically and expands itself quickly. With high spread and attack efficiency, BotNet is the most important network security issue to all network managers and researchers nowadays. Due to threatened by BotNet, exploring the attacks in domain, including its characteristics and intrusion model, is an important research to understand the network security threats from BotNet. However, lots of researches focused on detecting the IPs of attackers, those researches lacked the characteristics and analysis of BotNet cooperative attack in each network domains. In the initial detection of BotNet attacks, we find out that some contents of SSH dictionary attack from different IPs have high similarity with each other, and have high dissimilarity with the others. Therefore, we use clustering analysis with SSH dictionary attacks to find out the groups of attackers, and discuss the time-base and region-base concentration of attacks in BotNet groups. Furthermore, our detection finds out that there are characteristics of division of tasks and cooperative attack in BotNet intrusion, and these characteristics make the BotNet intrusion much hard to be detected. We hope the results of this study make more understanding to detection and defense technique to BotNet.
510 1 $a A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis $z eng
610 0 $a 殭屍網路 $a 網路安全 $a 資料探勘 $a 叢聚分析 $a SSH 字典檔攻擊
610 1 $a BotNet $a Network Security $a Data Mining $a Clustering Analysis $a SSH Dictionary Attack
681 $a 008M/0019 $b 464105 0162 $v 2007年版
700 1 $a 龔 $b 恩緯 $4 撰 $3 518834
712 0 2 $a 國立高雄大學 $b 資訊管理學系碩士班 $3 353936
801 0 $a tw $b NUK $c 20111102 $g CCR
856 7 $z 電子資源 $2 http $u http://handle.ncl.edu.tw/11296/ndltd/37504696379097987128