A Study of Detecting Hidden Centralized BotNet Using Association Mining Approach

Bibliographic Details
Main Authors: Hsiang-ling Hou, 侯翔齡
Other Authors: Han-wei Hsiao
Format: Others
Language: zh-TW
Published: 2012
Online Access: http://ndltd.ncl.edu.tw/handle/88258587183685423160
Description
Summary: Master's === National University of Kaohsiung === Master's Program, Department of Information Management === 100 === The Internet has become an indispensable platform in our lives, and many Internet application services are constantly being released. However, with the advances in network technology, many network attack techniques have also evolved. Among the new types of network attack patterns, the impact of malicious network attacks is one of the issues people care about the most. Attackers can remotely control the victim hosts in a BotNet and command all BotNet computers to launch large-scale cooperative attacks in a short time. In recent years, many research results have mentioned that BotNet attacks have caused serious damage to many enterprises. However, previous research on BotNet detection techniques tends to focus on BotNets that have already started as the detection object, and does not perform well at detecting hidden BotNet computers in the incubation period. Therefore, this research proposes a detection mechanism that analyzes traffic data based on the association mining approach, in order to mine the hidden BotNet computers in the network environment that are still in the incubation period. The characteristic of a centralized BotNet is that its computers connect to the same command and control server, so BotNet computers in the hidden state can be found through the association of their connections. This research builds a detection system on the campus of National University of Kaohsiung and uses a real, existing BotNet program to evaluate the hidden BotNet detection performance of our detection module. The results show that the proposed mechanism performs well at uncovering hidden BotNets, and we believe this research could be an important reference for future studies that investigate the issue of hidden BotNet detection.