侯翔齡

 

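  • A Study of Detecting Hidden Centralized BotNet Using Association Mining Approach (original title: 以關聯法則偵測集中式潛藏殭屍之研究)
  • Record type: Bibliographic - language material, printed : monograph
    Parallel title: A Study of Detecting Hidden Centralized BotNet Using Association Mining Approach
    Author: 侯翔齡
    Other corporate author: National University of Kaohsiung (國立高雄大學)
    Place of publication: [Kaohsiung City]
    Publisher: the author
    Year of publication: 2012 [ROC 101]
    Physical description: 52 pages : illustrations, tables ; 30 cm
    Subject: BotNet detection (殭屍網路偵測)
    Subject: BotNet Detection
    Electronic resource: http://handle.ncl.edu.tw/11296/ndltd/02343037025428605656
    Note: Bibliography: pages 43-45
    Note: Made public on December 16, 2014 (ROC year 103)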
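    Abstract: The Internet has become an indispensable part of daily life, and all kinds of Internet application services are continually being launched. However, as network technology advances, many network attack techniques evolve with it, giving rise to many new types of network attack patterns, among which the botnet is an issue that deserves research attention. In a botnet, the attacker remotely controls victim hosts and can issue commands to all bot computers within a short time to launch large-scale coordinated attacks. In recent years many research reports have pointed out that botnet attacks have caused losses to many enterprises. However, previous research on botnet detection techniques has mostly taken bot computers that have already become active as the detection target, and has discussed hidden bot computers that are still in the incubation period much less. In view of this, this study proposes a detection method based on analyzing traffic data with association rule data mining, aiming to start from one already detected botnet computer and extend the mining to other hidden bot computers in the network domain that are still in the incubation period. It relies on the characteristic of centralized botnets that both kinds of host connect to the command and control server, so the association between their network connections can be used to detect other bot computers in the domain that are still in a hidden state. This study set up a hidden botnet detection system within the network environment of National University of Kaohsiung and used real, currently existing botnet intrusion programs to empirically evaluate the detection performance of the proposed detection model for hidden bot computers. The results confirm that it can effectively detect the victim computers in a hidden botnet, and we believe the results of this study can serve as an important reference for similar research in the future.

    The Internet has become an indispensable platform in our life, and many Internet application services are constantly being released. However, with the advances in network technology, many network attack techniques have also evolved. Among the new types of network attack patterns, the impact of malicious network attacks is one of the issues that people care about the most. Attackers can remotely control the victim hosts in a BotNet and command all BotNet computers to launch large-scale cooperative attacks in a short time. In recent years, many research results have mentioned that BotNet attacks have caused serious damage to many enterprises. However, previous research on BotNet detection techniques tends to focus on BotNet computers that have already started their activity as the detection object, and does not perform well at detecting the hidden BotNet computers in the incubation period. Therefore, this research proposes a detection mechanism that analyzes traffic data based on the association mining approach, in order to mine the hidden BotNet computers in the network environment that are still in the incubation period. The characteristic of a centralized BotNet is that BotNet computers connect to the same command and control server, so we can find the BotNet computers in the hidden state through the association of their connections.
    This research builds a detection system on the campus of National University of Kaohsiung and uses real, existing BotNet programs to evaluate the hidden BotNet detection performance of our detection module. The results show that our proposed mechanism performs well at uncovering hidden BotNets, and we believe this research could be an important reference for future studies that investigate the issue of hidden BotNet detection.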