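A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis (SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究)
Master's Program, Department of Information Management, National University of Kaohsiung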

 

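  • SSH 字典攻擊 BotNet 聯合入侵模式與攻擊密碼特徵分析之研究 = A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis
  • Record type: Bibliographic - language material, printed : monograph
    Parallel title: A Study of Collaborative SSH Dictionary BotNet Intrusion Model and Attacking Characteristics Analysis
    Author: 龔恩緯
    Other corporate author: National University of Kaohsiung
    Place of publication: [Kaohsiung City]
    Publisher: the author
    Year of publication: ROC year 100 (2011)
    Physical description: 47 leaves, illustrations, tables : 30 cm
    Subject: Botnets (殭屍網路)
    Subject: BotNet
    Electronic resource: http://handle.ncl.edu.tw/11296/ndltd/37504696379097987128
    Note: Bibliography: leaves 45-47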
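    Abstract (translated from the Chinese): With the development of information and network technologies, new Internet application services keep emerging, and network attack techniques have likewise evolved into many new attack models. In recent years a new type of collaborative attack technique has appeared, the botnet (BotNet): it installs a control mechanism on victim hosts and assembles them into a large attack group. To make intrusion more efficient, botnets also incorporate automated intrusion methods, actively discovering and attacking vulnerable hosts on the network and rapidly increasing the number of hosts they have compromised. This highly contagious and highly destructive attack technique is now the network security issue that network administrators and researchers should take most seriously.
    While networks are under threat from botnets, investigating the attack characteristics each network domain is subjected to and the intrusion process of botnets is an important research topic for understanding this kind of threat. However, most prior related research focused on attack detection mechanisms whose main aim is to identify attacking IPs, and lacks a complete presentation and analysis of how a domain is jointly attacked by botnets. After monitoring real attacks from Internet botnets against academic and research network domains, this study found that the SSH dictionary attack techniques used by some different attacking source IPs are highly similar to one another and clearly different from the attack content used by other attack sources, showing a considerable degree of group characteristics. This study therefore performs cluster analysis on all attack sources using the SSH dictionary attack data, in order to identify the potentially distinct botnet groups that have attacked the monitored domain, and analyzes the group characteristics of the different botnet groups when launching attacks along two dimensions, temporal and geographic. In addition, this study found that botnet intrusion methods exhibit task division and joint attack, characteristics that make botnet intrusions even harder to defend against. It is hoped that the findings of this study provide further understanding for defending against botnet attack techniques of a similar nature in the future.
    Abstract (English, as given in the record): With the development of information technologies and network techniques, various new network services and applications have been implemented, and network attack techniques have also given rise to many new types of attack models. In recent years, a new cooperative network attack, BotNet, has been implemented. This attack technique constructs powerful attack groups from victim hosts through a control mechanism. For more efficient intrusion, BotNets incorporate an automatic intrusion model so that they can attack hosts with vulnerabilities automatically and expand quickly. With its high spread and attack efficiency, BotNet is the most important network security issue for all network managers and researchers nowadays. Under the threat of BotNet, exploring the attacks in a domain, including their characteristics and intrusion model, is important research for understanding the network security threats from BotNet. However, much research has focused on detecting the IPs of attackers and lacks the characteristics and analysis of BotNet cooperative attacks in each network domain. In the initial detection of BotNet attacks, we found that the contents of SSH dictionary attacks from some different IPs are highly similar to each other and highly dissimilar to the others. Therefore, we use clustering analysis on SSH dictionary attacks to find the groups of attackers, and discuss the time-based and region-based concentration of attacks in BotNet groups. Furthermore, our detection finds that BotNet intrusion shows characteristics of division of tasks and cooperative attack, and these characteristics make BotNet intrusion much harder to detect. We hope the results of this study improve understanding of detection and defense techniques against BotNet.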
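Holdings
  • 2 items • Page 1 •
 
310002135047; Theses and Dissertations Area (2F); Non-circulating; Thesis; TH 008M/0019 464105 0162 2011; General use (Normal); On shelf; 0
310002135039; Theses and Dissertations Area (2F); Non-circulating; Thesis; TH 008M/0019 464105 0162 2011 c.2; General use (Normal); On shelf; 0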