Summary: | Master's === National Cheng Kung University === Institute of Computer and Communication Engineering === 102 === Over the past ten years, the Internet has grown far beyond anything researchers could have anticipated. For this reason, cybercriminal attacks have shifted away from server-side attacks toward client-side attacks. A primary defense against client-side attacks is to detect malicious websites through client honeypot technology, publish their domains on blacklists, and then have the authorities take them over. However, a weakness of this technology is the lack of visual analysis for understanding the cooperative relationships between multiple malicious websites and for ranking the threat level of malicious websites by incorporating the overall link structure from and to each domain.
In this research, we propose an approach that builds sociogram representations to visualize multiple client honeypot logs. To simplify repeated link characteristics, which aids visualization readability, and to rank the importance of malicious hosts from their overall link structure, a motif detection algorithm is developed for the sociogram. In addition, we apply social network centrality measures incorporating weighted link attribute functions to rank threat level, including (1) high-threat hostnames by Katz centrality, (2) critical URL connectivity by betweenness centrality, and (3) malware popularity by the weighted PageRank algorithm. Finally, several interesting findings are explored through this social network analysis.
|