臺灣博碩士論文加值系統

近年來殭屍病毒不斷演化，能規避現有的偵測系統，帶來許多資安研究的挑戰。設計上除了隱藏外也捨棄C＆C伺服器、而採用點對點(P2P)的溝通架構，甚至隱匿機器人(Bot)與伺服器之間的通訊。
本文研究機器人(Bot)與伺服器之間的命令與通訊管道，提出在攻擊者與機器人(Bot)之間，隱藏公開網路流量通信，提高偵測困難度。透過結合Steg Blocks與Stegobot的技術，設計隱藏通信的方法，採用較難以檢測的網路隱寫術，創建環境來測試所設計的概念。我們的結果顯示方法的可行性，並探討侷限性與未來修改的彈性。

Recently, zombie viruses have continued to evolve. They can evade existing detection systems and bring many challenges to information security research. In addition to hiding, the design also abandons the C&C server, and adopts a peer-to-peer (P2P) structure, and even hides the communication between the bot and the server.
This thesis studies the command and communication (C&C) channel between the bot and the server, and proposes to hide the network traffic between the attacker and the bot to improve its stealth. We design a method to hide the C&C channel by combining the technologies of Steg Blocks and Stegobot with the feature of steganography and more difficult to be detected. We create an environment to test the designed concept. Our results reveal the feasibility and limitations of the method.

中文摘要 I
ABSTACT II
目錄 IV
圖目錄 V
一、序論 1
1.1 研究動機 1
1.2 研究目的 2
1.3 研究背景 3
二、文獻探討 7
2.1 Stego botnet研究與設計 7
2.2 Steg Blocks概念和框架 9
2.3 Botnet Detection 10
三、研究方法 11
3.1總覽 11
3.2傳遞命令 12
3.3 回傳資訊 14
四、實驗過程 15
4.1總覽 15
4.2Web架設 15
4.3識別碼物件 16
4.4程式撰寫 17
4.5隱寫術工具 20
4.6社交媒體 22
五、實驗結果與分析 24
5.1提升隱蔽性 24
5.2 評估傳輸效率 25
5.3錯誤排除 27
六、結論與未來展望 28
參考文獻 29

[1] F. A. Petitcolas, R. J. Anderson, and M. G. Kuhn, "Information hiding-a survey," Proceedings of the IEEE, vol. 87, no. 7, pp. 1062-1078, 1999.
[2] B. W. Lampson, "A note on the confinement problem," Communications of the ACM, vol. 16, no. 10, pp. 613-615, 1973.
[3] S. Nagaraja, A. Houmansadr, P. Piyawongwisal, V. Singh, P. Agarwal, and N. Borisov, "Stegobot: a covert social network botnet," in International Workshop on Information Hiding, 2011: Springer, pp. 299-313.
[4] K. Singh, A. Srivastava, J. Giffin, and W. Lee, "Evaluating email’s feasibility for botnet command and control," in 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN), 2008: IEEE, pp. 376-385.
[5] N. Pantic and M. I. Husain, "Covert botnet command and control using twitter," in Proceedings of the 31st annual computer security applications conference, 2015, pp. 171-180.
[6] A. Compagno, M. Conti, D. Lain, G. Lovisotto, and L. V. Mancini, "Boten ELISA: A novel approach for botnet C&C in online social networks," in 2015 IEEE Conference on Communications and Network Security (CNS), 2015: IEEE, pp. 74-82.
[7] J. Jeon and Y. Cho, "Construction and performance analysis of image steganography-based botnet in KakaoTalk openchat," Computers, vol. 8, no. 3, p. 61, 2019.
[8] M. Kwak and Y. Cho, "A novel video steganography-based botnet communication model in telegram sns messenger," Symmetry, vol. 13, no. 1, p. 84, 2021.
[9] W. Fraczek and K. Szczypiorski, "Steg Blocks: Ensuring Perfect Undetectability of Network Steganography," in 2015 10th International Conference on Availability, Reliability and Security, 2015: IEEE, pp. 436-441.
[10] McAfee, "McAfee Labs Threat Report," 2017.
[11] E. Alparslan, A. Karahoca, and D. Karahoca, "BotNet detection: Enhancing analysis by using data mining techniques," in Advances in Data Mining Knowledge Discovery and Applications, vol. 349: IntechOpen, 2012.
[12] P. Bąk, J. Bieniasz, M. Krzemiński, and K. Szczypiorski, "Application of perfectly undetectable network steganography method for malware hidden communication," in 2018 4th International Conference on Frontiers of Signal Processing (ICFSP), 2018: IEEE, pp. 34-38.
[13] 維基百科. "ASCII." https://zh.wikipedia.org/wiki/ASCII.
[14] StefanoDeVuono. "steghide." https://github.com/StefanoDeVuono/steghide.
[15] "CryptaPix." https://www.briggsoft.com/cpix.htm.
[16] 維基百科. "Blowfish." https://zh.wikipedia.org/wiki/Blowfish.