中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/48466
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 42729375      Online Users : 1274
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/48466


    Title: none FFRTD: Beat Fast-Flux by Response Time Differences
    Authors: 林松輝;Song-Hui Lin
    Contributors: 資訊工程研究所
    Keywords: ;FFSN;RRDNS;CDN
    Date: 2011-07-28
    Issue Date: 2012-01-05 14:55:33 (UTC+8)
    Abstract: 近年來,Fast-Flux Service Network (FFSN) 在網際網路上已經造成重大的威脅,它的成員主要來自大量遭惡意程式感染的電腦。攻擊者利用這類攻擊手法發起一系列的違法行為,舉凡分散式阻斷服務攻擊、發送垃圾郵件、架釣魚網站和散佈惡意程式等。由於 FFSN 本身具有高度的隱蔽性,我們難以將攻擊者繩之以法,也無法輕易摘除整個有害的網路服務。 在本篇論文中,我們發現一種簡單且新穎的特徵─difference,它是用來衡量一個 fast-flux 網域名稱其對應所有主機之負載平衡的變化程度。我們也提出了一套偵測系統 FFRTD,它使用 difference 特徵搭配 DNS 的查詢結果,讓我們可以在兩小時以內將一個全新的網域名稱分類成「正常 (benign)」或「fast-flux」。而由我們的方法中,在做分類的同時,並不需要存取資料庫,只需要利用培訓資料 (training data) 過程中所產生的門檻值 (ff-score threshold)。本研究的實驗結果證明,我們所提出的偵測系統能夠準確地判斷出身陷 FFSNs 的網域名稱,並且我們也開拓一個新的觀察視野,對於了解一個 fast-flux 網域名稱將會很有幫助。 FFSNs have become severe threats on the Internet in recent years. They consist of a large amount of compromised hosts for malicious activities such as launching DDoS, delivering spam mails, hosting phishing sites and distributing malicious programs. As a result of the highest concealment of FFSNs, it is really difficult to find out attackers and foil down the entire illegal networks. In this paper, we discovered a novel and simple feature, difference, which measures the degree of the load balance of all IP addresses in a domain name. And we also present FFRTD that can make a brand-new domain name be classified into benign and fast-flux ones by the difference with DNS lookup results within two hours. With our method, there is no need to access database but use the ff-score threshold we generated in the training phase while classifying domain names. According to experimental results, our proposed detection system, FFRTD, is able to accurately detect FFSNs. Furthermore, we contribute a new vision to observe the behavior of a fast-flux domain name.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML563View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明