Title: An Automated Framework for Malware Detection and Infection Notification (original title: 自動化的惡意程式偵測以及感染通報架構)
Authors: Shih, Sheng-Kai (施勝凱); Huang, Jiun-Long (黃俊龍)
Department: Institute of Computer Science and Engineering
Keywords: Network Security; Botnet; DNS; Infection Notification
Issue Date: 2013
Abstract (translated from the Chinese): With the rapid development of the Internet, the number of network devices has also grown quickly. However, this rapid development has also greatly enlarged the botnet problem. A botnet is a network formed by many infected computers and is currently regarded as one of the greatest threats on the Internet. Botnets are used by bot masters to launch various malicious attacks over the network, the most common being the theft of data from personal computers and the launching of distributed denial-of-service (DDoS) attacks. This thesis proposes a framework to restrain the expansion of botnets and to protect users from malware infection. We build three lines of defense against botnet expansion. First, we reduce the risk of users being infected through the detection of malicious URLs and malicious programs, while also collecting these malicious resources for further analysis. We also monitor DNS packets to check whether a user's computer has contacted the botnet's command and control (C&C) server. Finally, we improve the existing infection notification process by fully automating it. Through the IE toolbar we provide, we can quickly notify users whether their computer has been infected and has launched malicious attacks, thereby effectively curbing the expansion of botnets.
Abstract (English): With the progress of the Internet, the number of Internet-connected devices has increased sharply. The rapid expansion of the network has also led to the expansion of botnets, which have become a serious threat to the Internet. Botnets are formed by many compromised computers, which can be used by a bot master to steal data or to participate in Distributed Denial of Service (DDoS) attacks. This paper proposes a framework to restrain the spread of botnets. Our framework is implemented as an Internet Explorer plug-in and is designed to alert computer owners. We have built three lines of defense against botnet expansion. First, we detect web-based malware and malicious URLs to reduce the risk of infection; the collected malicious sources are also sent to a malware database for further analysis. Second, because the DNS protocol is commonly used by botnets to give the command and control (C&C) server flexibility and resilience, we monitor DNS traffic to examine whether target computers have become bots. Last, we improve the current infection notification flow with our framework. The current notification flow is cumbersome and involves a great deal of manual work; we reduce the notification time from 2 or 3 days to 15 minutes. With these defensive approaches, we can effectively restrain the scale of botnets.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070056085
http://hdl.handle.net/11536/73394
Appears in Collections: Thesis