Class of 98 - 莊竣程 - Detecting and Analyzing Fast-Flux Service Network
[ Abstract ]
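With the rapid development of the Internet, network security has become one of the most serious problems we face. A large number of criminals use the Internet for illegal activities such as Trojans, virus distribution, distributed denial-of-service attacks, spam, and phishing sites. Driven by illicit profit, these criminals need high availability for their illegal activities, and to obfuscate their fraudulent activities they have recently begun using an attack technique called Fast-Flux Service Networks. An FFSN is made up of a botnet whose members act as a proxy redirection service, and these infected bot hosts are used to present the fraudulent content that the criminals have set up.
This research implements a system that detects FFSN malicious domains in the Malware Domain List data source, examines how FFSN is actually being used by criminals in current cybercrime, and analyzes the distribution of the infected nodes.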
[ English Abstract ]
With the rapid development of the Internet, one of the most serious threats we face is cyber-security. Many groups of criminals use the Internet to engage in illegal activities such as Trojan horses, viruses, DDoS attacks, spam emails and phishing. Motivated by illegal profit, they have a high demand for availability of their illegal activities and for confusing the location of their services. These criminals recently started to use a new technique called Fast-Flux Service Networks, composed of large groups of bots acting as proxies to their scam contents.
In this thesis we implemented a system that detects whether data from the Malware Domain List belongs to an FFSN or not. We also investigate the utilization of FFSN by miscreants on the Internet and analyze the location details of the infected bots.