Class of 99 - 楊昆鑫 - Detecting Fast-Flux Service Networks (FFSN) Based on DNS Query Time


[ Abstract ]
As the Internet is used ever more frequently for commerce, the financial damage caused by network attacks has grown steadily. Attackers use the Internet for illegal activities such as Trojans, virus distribution, distributed denial-of-service attacks, spam and phishing sites. To reap large profits, criminals' demand for such illegal activities keeps growing, and to give these frauds a high degree of concealment they have begun to use an attack technique called Fast-Flux Service Networks. An FFSN is made up of a botnet whose compromised hosts act as proxy redirection services; through these infected bots, users can be redirected to malicious content hosted by the criminals.
This study implements a system that uses the detection feature examined in this study together with existing features as its detection criteria, and applies it to data from the Malware Domain List and ATLAS to detect FFSN malicious domains. It examines how FFSNs are actually being used by criminals in current cybercrime, analyzes the detection effectiveness, and selects the best-performing scheme as the baseline for future detection.

[ English Abstract ]
As the Internet is used more and more in business, the damage that network attacks cause to commercial interests has gradually expanded. Hackers use the Internet for illegal activities such as Trojans, viruses, DDoS attacks, spam and phishing. To obtain huge profits, offenders' demand for illegal activities grows, and to give such fraud a high degree of concealment they began to use an attack tactic called Fast-Flux Service Network (FFSN). An FFSN is composed of a botnet whose bots serve as proxy agents; these infected hosts can redirect users to malicious content set up by the offender.
In this thesis we implemented a system that uses the detection feature discussed in this thesis together with features already discussed in other studies to determine whether domains from the Malware Domain List and ATLAS belong to an FFSN. We also investigate the use of FFSNs by miscreants on the Internet, analyze the detection performance, and select the best case as the baseline for future detection.
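The abstract only names the approach (a DNS query-time feature combined with existing fast-flux features), not the thesis's actual features, thresholds or code. The following added example, which is not the thesis's implementation, sketches that combination over constructed lookup records: it assumes "query time" means the wall-clock latency of resolving the domain, takes distinct A records and TTL as the "existing" features (as used in earlier fast-flux research), and uses thresholds chosen only for the sample data.

```python
# Added example, not from the thesis. A toy FFSN scorer combining an assumed
# DNS query-time feature (resolution latency) with two classic fast-flux
# features: distinct A records across repeated lookups, and record TTL.
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class Lookup:
    """One DNS resolution of a domain, as observed by the detector."""
    a_records: tuple   # IPv4 strings from the answer section
    ttl: int           # TTL of those records, in seconds
    query_ms: float    # assumed definition of "query time": resolution latency

def extract_features(lookups):
    """Aggregate repeated lookups of one domain into per-domain features."""
    ips = {ip for lk in lookups for ip in lk.a_records}
    times = [lk.query_ms for lk in lookups]
    return {
        "unique_ips": len(ips),                       # flux agents rotate in and out
        "min_ttl": min(lk.ttl for lk in lookups),     # flux domains use short TTLs
        "mean_query_ms": mean(times),                 # bots answer slowly...
        "query_ms_stdev": pstdev(times),              # ...and inconsistently
    }

def flux_score(features):
    """Number of features (0..4) that look flux-like; thresholds are assumptions."""
    score = 0
    score += int(features["unique_ips"] >= 5)
    score += int(features["min_ttl"] <= 300)
    score += int(features["mean_query_ms"] >= 200.0)
    score += int(features["query_ms_stdev"] >= 50.0)
    return score

def is_fast_flux(lookups, threshold=3):
    """A CDN also rotates IPs with short TTLs, so the query-time features
    are what separate it from a flux network under this scheme."""
    return flux_score(extract_features(lookups)) >= threshold

# Constructed sample data (RFC 5737 documentation addresses, not real measurements).
CDN_SAMPLE = [Lookup(("192.0.2.10", "192.0.2.11"), 60, 18.0),
              Lookup(("192.0.2.12", "192.0.2.13"), 60, 21.0),
              Lookup(("192.0.2.10", "192.0.2.14"), 60, 19.0)]
FLUX_SAMPLE = [Lookup(("198.51.100.7", "203.0.113.9"), 60, 310.0),
               Lookup(("198.51.100.23", "203.0.113.41"), 60, 480.0),
               Lookup(("203.0.113.77", "198.51.100.90"), 30, 260.0)]

if __name__ == "__main__":
    for name, sample in (("cdn-like", CDN_SAMPLE), ("flux-like", FLUX_SAMPLE)):
        print(name, extract_features(sample), "flux" if is_fast_flux(sample) else "benign")
```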