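Graduate student: 凌偉誠
Graduate student (English name): Wei-Cheng Ling
Thesis title (Chinese): 以網路流分析偵測P2P殭屍網路的視覺化框架
Thesis title (English): A Visualization Framework for P2P Botnet Detection Based on Netflow Analysis
Advisors: 謝錫堃, 張志標
Advisors (English names): Ce-Kuen Shieh, Jyh-Biau Chang
Degree: Master's
Institution: National Cheng Kung University
Department: Institute of Computer and Communication Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2016
Graduation academic year: 104
Language: English
Number of pages: 37
Keywords: botnet, visualization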
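With the growth of the Internet, cybercrime incidents have become increasingly common. In recent years, botnets have been one of the means attackers frequently use to carry out network attacks. Through the botnets they control, attackers can launch distributed denial-of-service (DDoS) attacks, steal identity and personal data, and so on. How to detect botnets effectively has therefore become an important problem, and there is much existing research on it. However, most of these studies present their results as text or numbers. For network administrators, such data is not intuitive, and it takes time to filter, understand and analyze. Data visualization helps reveal characteristics of the data that are hard to notice in other forms of presentation. This thesis proposes a visualization framework that makes it easy to visualize botnet detection results, in the hope that the visualized results will inspire more ideas for botnet detection.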
In recent years, cybercrime has become a significant threat to everyone on the Internet. There is a large body of research on botnet detection, but most of it provides only text-based information, which is not intuitive for human cognition. There is a trend toward leveraging modern Web technology to present deeper insight from the data itself. We think that visualizing bot activities can help network operators perceive more about bot behavior. We propose a botnet visualization framework that turns the results of malicious activity into a perceptible representation.
The visualization framework uses Node.js and HTML5 with jQuery to construct a front-end interface. Network logs and malicious behaviors are indexed and stored in Elasticsearch. In addition, we summarize those traces into a pivot table to speed up queries during user interaction. By providing several viewpoints, we expect our framework to help administrators gain more sophisticated insight into botnet activities.
Chapter 1: Introduction
Chapter 2: Background
2.1 Elasticsearch
2.2 Netflow version 5
Chapter 3: System Design
3.1 System Overview
3.2 System Architecture
3.3 Process of Three Visualization Views
3.3.1 Process of botnet distribution view
3.3.2 Process of Botnet Behavior Pattern recognition
3.3.3 Process of IPlist Views
3.4 Features of Each Component
3.4.1 ETL
3.4.2 Full-Text Search Engine
3.4.3 Pivot table database
3.4.4 Front end (Web GUI)
Chapter 4: Implementation
4.1 Creation of Visualization View Data
4.2 Accessing Visualization Views
Chapter 5: Visualization
5.1 Environments
5.2 Botnet geospatial distribution
5.3 Botnet Behavior Pattern Recognition
5.4 IPlist View
Chapter 6: Conclusion and Future Work
Chapter 7: Reference


Electronic full text (Internet public release date: 20210701)