Class of 100 - 林玉燕 - Estimating the Size of Fast-Flux Service Networks Using the Capture-Recapture Method

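[ Abstract ]
The core of this study is estimating the population size of Fast-Flux Service Networks (FFSN). FFSN is a major threat facing the Internet today: the technique lets an attacker hide behind a group of proxy servers (agents), which allows the attacker to evade detection and causes security personnel's detection efforts to fail. The benefit of FFSN to criminals is that malicious websites are protected, which extends their lifetime. The harm caused by FFSN is therefore growing more serious. Estimating the number of FFSN agents is not easy, and a Flux-Agent may itself be a bot node; estimating the size of an FFSN also indicates its threat level. This study therefore uses the Capture-Recapture Method (CRM) to estimate the population size of Flux-Agents. The population is computed with the joint hypergeometric maximum likelihood estimator (JHE) of Program NOREMARK. The experimental results show that the samples queried in the first six days alone are enough to estimate the population size of the whole FFSN, and that this finds the whole population size faster than a census approach.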

[ English Abstract ]
The purpose of this study is to estimate the group size of a Fast-Flux Service Network (FFSN). FFSN is one of the major threats on the Internet. It hides attackers behind a group of agents, and in this way the attackers can avoid being detected. The benefit of FFSN to attackers is that malicious websites are protected and their survival time is prolonged. The danger of FFSN is becoming more serious, and a Flux-Agent could itself be a bot node. Estimating the size of an FFSN indicates its degree of danger, but estimating that size is not easy. Hence, this study uses the Capture-Recapture Method (CRM) to estimate the group size of Flux-Agents. The group size is found by computing the joint hypergeometric maximum likelihood estimator (JHE) of Program NOREMARK. The experiment needs only the query samples from the first six days to find the group size of the FFSN, and it finds the group size more quickly than a census can.
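
The abstract names the estimator but does not show its form. The Python below is an added example, not code from the thesis or from Program NOREMARK: it maximizes the joint hypergeometric likelihood as it is usually written for mark-resight data. It assumes that the IPs resolved on day one form the marked set, that later days are resighting occasions, and that the agent population is closed; all function names and the sample data are hypothetical.

```python
import random
from math import lgamma

def log_choose(n, k):
    """log C(n, k); -inf when k is outside 0..n (impossible outcome)."""
    if k < 0 or k > n:
        return float("-inf")
    return lgamma(n + 1) - lgamma(k + 1) - lgamma(n - k + 1)

def jhe_log_likelihood(N, M, occasions):
    """Joint hypergeometric log-likelihood of population size N.
    M: marked agents; occasions: (n_i seen, m_i of them marked) per day."""
    return sum(log_choose(M, m) + log_choose(N - M, n - m) - log_choose(N, n)
               for n, m in occasions)

def estimate_flux_agents(marked_ips, daily_ips, n_max=50_000):
    """Maximum-likelihood N given a marked set and later daily IP sets.
    Assumes a closed population; a result equal to n_max is truncated."""
    M = len(marked_ips)
    occasions = [(len(day), len(day & marked_ips)) for day in daily_ips]
    if not any(m for _, m in occasions):
        raise ValueError("no marked agent re-observed: N has no finite estimate")
    lo = M + max(n - m for n, m in occasions)   # smallest N the data allows
    return max(range(lo, n_max + 1),
               key=lambda N: jhe_log_likelihood(N, M, occasions))

if __name__ == "__main__":
    # Constructed data: 600 hypothetical agents, 60 distinct IPs seen per day.
    rng = random.Random(2011)
    population = [f"agent-{i}" for i in range(600)]
    days = [set(rng.sample(population, 60)) for _ in range(6)]
    marked, resight = days[0], days[1:]          # day 1 marks, days 2-6 resight
    census = len(set().union(*days))
    print("distinct agents seen in six days:", census)
    print("JHE estimate of total agents:   ", estimate_flux_agents(marked, resight))
```

With a single resighting day the result reduces to the Lincoln-Petersen value floor(M·n/m), which is a quick sanity check on any implementation.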