自動化命令與控制伺服器連線及惡意郵件偵測系統

Abstract

現今科技的快速成長，人們已離不開網路生活。近年來隨著網路的發達，惡意程式開始大量增加。駭客有愈來愈多的方法可以感染使用者的個人電腦。例如可以透過電子郵件或惡意連結來植入惡意程式，而且此程式具有隱藏的特性。殭屍網路依然是網路安全上的危害之一，駭客透過命令與控制伺服器控制網路上的殭屍電腦，並且命令它們散佈垃圾郵件、偷取個人電腦上的個人機密、發動分散式阻斷服務攻擊，甚至造成整個網路癱瘓。本篇論文提出的系統架構增強使用者電腦的安全性與便利性。自動阻擋網路探索者瀏覽器進入惡意網頁，並收集惡意程式做更進一步的分析。另外，針對網頁電子郵件，自動化偵測郵件原始碼的來源網域與附加的檔案。最後，利用API hooking技術監控電腦上的程式是否存在與命令與控制伺服器的可疑連線，自動關閉惡意程式。藉此上述的方法有效防止殭屍網路的快速擴張，並且大幅降低使用者感染病毒的可能性。

With the progress of technology, people can't live without Internet. In recent years with the Internet development, the number of malware increases significantly. There are more and more methods that hackers can infect personal computers. For example, hackers can implant malware to personal computers via spam mails or hyperlinks, and malware can also hide the attacker. Botnet has become a serious threat to the Internet. Hackers can control compromised computers through command and control (C&C) server, and command them to send Emails, steal personal information, launch Distributer Denial of Services (DDoS) attacks, and even cause the entire network can’t work. This paper proposed a framework to increase functionality and improving convenience for users. The proposed framework can automatically prevent users from visiting malicious website by Internet Explorer browser. In addition, it can automatically detect the mail’s source and attached files. Finally, if malware connected to any C&C servers, our framework is able to detect it by using API hooking technique, and automatically kill it. By the above methods, it will restrain the scale of botnet effectively and reduce the risk of infected personal computers significantly.