Botnet Detection and Collapse based on Traffic Analysis
碩士 === 國立中央大學 === 資訊工程研究所 === 97 === A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Botnets are evolved from malicious program, its features are providing the attacker s...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Language: | zh-TW |
Published: |
2009
|
Online Access: | http://ndltd.ncl.edu.tw/handle/5q2kvp |
id |
ndltd-TW-097NCU05392012 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-097NCU053920122019-05-15T20:32:02Z http://ndltd.ncl.edu.tw/handle/5q2kvp Botnet Detection and Collapse based on Traffic Analysis 透過封包分析偵測並瓦解僵屍網路 Tian-Hao Chen 陳天豪 碩士 國立中央大學 資訊工程研究所 97 A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Botnets are evolved from malicious program, its features are providing the attacker secret, flexibility and very powerful capability. IRC is the most common botnet commend and control mechanism because it is scalable and easy to hide within. So in this paper, we focus on the IRC-based virus, using DNS hijacking technology to converge computers infected with botnet virus, this way is to monopolize the connection between hackers. Then figure out hackers how to control bots via traffic analysis. Our results show that bots traffic can be filtering and redirection, and we also can give bot client assistance in clean virus up. Li-Ming Tseng 曾黎明 2009 學位論文 ; thesis 34 zh-TW |
collection |
NDLTD |
language |
zh-TW |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 國立中央大學 === 資訊工程研究所 === 97 === A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Botnets are evolved from malicious program, its features are providing the attacker secret, flexibility and very powerful capability.
IRC is the most common botnet commend and control mechanism because it is scalable and easy to hide within. So in this paper, we focus on the IRC-based virus, using DNS hijacking technology to converge computers infected with botnet virus, this way is to monopolize the connection between hackers. Then figure out hackers how to control bots via traffic analysis. Our results show that bots traffic can be filtering and redirection, and we also can give bot client assistance in clean virus up.
|
author2 |
Li-Ming Tseng |
author_facet |
Li-Ming Tseng Tian-Hao Chen 陳天豪 |
author |
Tian-Hao Chen 陳天豪 |
spellingShingle |
Tian-Hao Chen 陳天豪 Botnet Detection and Collapse based on Traffic Analysis |
author_sort |
Tian-Hao Chen |
title |
Botnet Detection and Collapse based on Traffic Analysis |
title_short |
Botnet Detection and Collapse based on Traffic Analysis |
title_full |
Botnet Detection and Collapse based on Traffic Analysis |
title_fullStr |
Botnet Detection and Collapse based on Traffic Analysis |
title_full_unstemmed |
Botnet Detection and Collapse based on Traffic Analysis |
title_sort |
botnet detection and collapse based on traffic analysis |
publishDate |
2009 |
url |
http://ndltd.ncl.edu.tw/handle/5q2kvp |
work_keys_str_mv |
AT tianhaochen botnetdetectionandcollapsebasedontrafficanalysis AT chéntiānháo botnetdetectionandcollapsebasedontrafficanalysis AT tianhaochen tòuguòfēngbāofēnxīzhēncèbìngwǎjiějiāngshīwǎnglù AT chéntiānháo tòuguòfēngbāofēnxīzhēncèbìngwǎjiějiāngshīwǎnglù |
_version_ |
1719099626687037440 |