National Digital Library of Theses and Dissertations in Taiwan
Graduate student: 周承康
Thesis title: 基於資料探勘之P2P殭屍病毒偵測系統 (A Data-Mining-Based P2P Bot Detection System)
Advisor: 唐文華
Degree: Master's
Institution: 國立新竹教育大學 (National Hsinchu University of Education)
Department: 資訊科學研究所 (Graduate Institute of Computer Science)
Discipline: Engineering
Field: Electrical and Computer Engineering
Thesis type: Academic thesis
Year of publication: 2011
Graduation academic year: 99 (ROC calendar)
Language: Chinese
Chinese keywords: 貝式網路分類 (Bayesian network classification); P2P殭屍網路 (P2P botnet); 倒傳遞類神經網路 (back-propagation neural network); 偵測系統 (detection system)
English keywords: Bayesian network; Back Propagation Network; P2P Botnet; Detection System
Abstract (translated from Chinese): This study proposes a design concept for a detection system whose main goal is to identify computers infected by P2P bot malware in the early stage of infection, before any damage is done. It applies Bayesian network classification and back-propagation neural network classification to recognize infected machines in real time and to alert the network administrator. The system incorporates a real-time P2P traffic identification method based on connection patterns; this method effectively detects traffic generated by P2P applications and uses it to filter out the known flows recorded in the database. The experimental results show that, through repeated parameter tuning with training-and-testing, assisted by decision-tree classification for calibration, the best solution was obtained. During training, the Bayesian network classifier reached 90% accuracy in identifying anomalous traffic, and the back-propagation neural network reached 92%. When real network traffic was fed to the trained models, the resulting accuracy was closely consistent with these figures.
Abstract (English): This study proposes a design concept for a detection system. The main idea is to identify a zombie computer as soon as it is infected. Using a Bayesian network and a Back Propagation Network, the system recognizes zombies in real time and issues a warning report. The system includes a real-time P2P traffic identification method based on connection patterns, which effectively filters out traffic generated by P2P connections. The experiment shows that the Bayesian network classifier recognized 90% of anomalous traffic in training-and-testing, and the Back Propagation Network identified 92%. After training-and-testing, when real-time network traffic was passed through the model, the identification results agreed closely with the training-and-testing results.
Table of contents:
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
1.4 Thesis Organization
Chapter 2 Background and Literature Review
2.1 P2P Communication Architecture
2.2 Botnets
2.3 Intrusion Detection Systems
2.4 Data Mining
Chapter 3 Research Design
3.1 Feature Identification
3.2 P2P Traffic Features
3.3 Analysis and Testing of Data Mining Methods
3.4 System Design
Chapter 4 Experimental Results and Discussion
4.1 Experimental Environment
4.2 Experimental Objectives
4.3 Experimental Analysis and Evaluation
4.4 Analysis of Experimental Results
Chapter 5 Conclusions and Future Work
5.1 Conclusions
5.2 Future Directions
References