Class of 100 - 黃宗恩 - Detecting Fast-Flux Service Networks Based on DNS Mail Exchange (MX) Records
[ Abstract ]
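In recent years, as technology and the Internet have advanced, people's daily lives and commercial activities have become increasingly dependent on the network, and many hackers have consequently begun using various illegitimate intrusion and attack techniques in an attempt to gain enormous illegal profits. For example, Fast-Flux Service Networks (FFSN) is an emerging attack method that has been widely adopted by hackers in recent years. This intrusion technique incorporates the DNS round-robin technique (Round Robin DNS, RR-DNS) and protects websites hosting malicious content by constantly changing the domain of the physical machines they map to. The mapped physical machines are often compromised victim hosts, so the harm caused by this attack keeps growing. Therefore, this study implements a detection system that uses FFSN feature-detection techniques together with their existing feature values as the detection baseline, and tests it on data obtained from ATLAS and ALEXA in order to verify the detection rate and accuracy of the system built in this study. It also analyzes the detection benefit of combining features, and from these results selects the best scheme to serve as the detection baseline in the future.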
[ English Abstract ]
During recent decades, the explosive development of the Internet has brought remarkable advances in information exchange. As a result, people's daily lives and commercial activities rely heavily on the Internet, and more and more hackers try to gain enormous illegal profits through illegitimate intrusion and attack approaches. For instance, Fast-Flux Service Networks (FFSN) is an emerging attack technology that invades systems by incorporating the DNS round-robin technique (Round Robin DNS, RR-DNS). Fast-flux protects malicious websites by continually changing the IP address of the mothership. In most cases, naïve users' computers are the attack targets, so the damage grows worse with each passing day. Therefore, this study uses FFSN characterization and the original features as detection patterns to construct a detection system. Data from ATLAS and ALEXA are tested to evaluate the detection rate and accuracy of the proposed system. Finally, by analyzing the detection effectiveness after feature mapping, the best solution can be selected as the future detection pattern.