Title: Mobile Botnet Detection on Android
Authors: 劉恩榜
Liu, En-Bang
曾文貴
Tzeng, Wen-Guey
Institute of Computer Science and Engineering
Keywords: Botnet; Mobile Botnet; Android
Date of publication: 2011
Abstract: Botnets are now a serious threat to the Internet. An infected computer unknowingly becomes a puppet (zombie computer) controlled by an attacker. This results not only in information leakage and system damage, but also turns the computer into a springboard for major network attacks. With the rapid development of smartphones, a phone is no longer just for calling or sending messages; it also offers Internet access and basic data processing, so much personal data, passwords, and private pictures and videos are stored on the phone. The smartphone has become a mini-PC. In recent years, therefore, many hackers have continued to develop viruses, Trojan horses, bot viruses and other malicious software for mobile phones to steal private information and to send advertising messages and spam e-mails. In this paper, we present a mobile botnet detection system for Android. Based on the group-activity characteristics of botnets and on abnormal connections in the phone's traffic, the front end on the phone uses the Snort IDS for real-time detection and installs a botnet packet filter to collect abnormal traffic. The filtered packets are then uploaded to a back-end detection center. From the traffic data collected from many mobile phones, the center uses similarity algorithms to determine which phones are infected with the bot virus and are being controlled by an attacker.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079855578
http://hdl.handle.net/11536/48313
Appears in Collections: Thesis


Files in This Item:

  1. 557801.pdf
  2. 557802.pdf
