Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/92927
DC Field | Value | Language
dc.contributor | 林冠成 | zh_TW
dc.contributor.author | 李偉強 | zh_TW
dc.contributor.author | Wei-Chiang Li | en_US
dc.contributor.other | Department of Information Management | zh_TW
dc.date | 2015 | zh_TW
dc.date.accessioned | 2015-12-16T05:55:44Z | -
dc.identifier | U0005-2008201512450900 | zh_TW
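dc.identifier.uri | http://hdl.handle.net/11455/92927 | -
dc.description.abstract | Information technology, which makes our lives more convenient, is developing rapidly. The network is one of its most important products, but it also brings cybercrime such as botnets, which use infected computers, called victims, to carry out DDoS, phishing, spam and theft of personal information. The number of infected victims increases every year, so botnet detection becomes more important day by day. Botnets can be divided into three categories: IRC, P2P and HTTP. Botnets often change their communication tools and transmission methods to avoid detection, so botnet detection becomes more and more difficult. This study uses feature selection to obtain the important feature subsets of communication flows, applying a Modified Artificial Fish Swarm Algorithm combined with a Support Vector Machine (SVM) for feature selection. The purpose of this study is to build an intrusion-detection system that can detect traffic from any type of botnet. We collected traffic data from the first hour after infection, to simulate computers that had just been infected. We collected three different types of botnet traffic, and the selected feature subsets differ among them, but there are also similarities among these botnet traffic types. | en_US
dc.description.abstract | Today, as information technology flourishes, the network has brought a convenient life but has also become a new breeding ground for crime. Among these threats, botnet malware is one of the most dangerous and fastest-growing network threats, and is practically the dominant form of cybercrime in recent times. Botnet malware can be divided into three categories by propagation method: IRC, HTTP and P2P. Because botnets keep evolving their methods of communication and transmission, detection has become increasingly difficult. This study applies feature selection to the communication of botnets of each propagation type to obtain the important features of botnet communication traffic, and uses a classifier to validate the best feature subset produced by feature selection. The goal of feature selection is to pick the best subset of the original features so as to improve classification accuracy. The selected features not only speed up classification but also help us understand where the key factors lie in the process of detecting botnets. The aim of the research is to implement detection of the traffic features produced when a computer has just been infected. This study collected traffic data from the first hour after a computer was infected, and detection using the modified fish swarm algorithm combined with a support vector machine achieves very good accuracy. In the datasets for the different botnet types, to stay close to real conditions, the malicious traffic of three different malware samples was each mixed into the same set of normal network traffic. The contents of the best feature subsets selected nevertheless differ, which shows that the effects of infection by the three malware samples differ, although overall the traffic produced after a computer is infected by botnet malware still has its own specific features. | zh_TW
dc.description.tableofcontents | Table of Contents; Abstract (Chinese); Abstract (English); List of Tables; Chapter 1 Introduction; 1.1. Research Background and Motivation; 1.2. Thesis Organization; Chapter 2 Literature Review; 2.1. Botnets; 2.1.1. Introduction to Botnets; 2.1.2. Botnets with Different Communication Mechanisms; 2.1.3. Botnet Detection Techniques; 2.2. Features Related to Botnet Detection; 2.2.1. Features Related to IRC Botnets; 2.2.2. Features Related to P2P Botnets; 2.3. Support Vector Machine (SVM); 2.4. Artificial Fish Swarm Algorithm (AFSA); 2.4.1. AFSA Procedure; 2.4.2. AFSA Parameter Definitions; 2.4.3. AFSA Search Steps; 2.4.4. Modified Artificial Fish Swarm Algorithm; Chapter 3 Experimental Design; 3.1. Data Collection; 3.2. Environment Architecture; 3.3. Botnet Malware; 3.4. Data Conversion; Chapter 4 Experimental Framework and Results; 4.1. Experimental Framework; 4.2. Experimental Results; 4.2.1. Detection Results for Single-Type Botnets; 4.2.2. Feature Validation; Chapter 5 Conclusions and Future Work; References | zh_TW
dc.language.iso | zh_TW | zh_TW
dc.rights | Authorized for electronic full-text browsing and printing service; publicly available from 2018-08-21. | zh_TW
dc.subject | Botnet | en_US
dc.subject | Feature selection | en_US
dc.subject | Botnet detection | en_US
dc.subject | Behavior detection | en_US
dc.subject | Botnet | zh_TW
dc.subject | Feature selection | zh_TW
dc.subject | Behavior detection | zh_TW
dc.subject | Botnet detection | zh_TW
dc.title | Detection for Different Type Botnets Using Feature Subset Selection based on Modified Artificial Fish Swarm Algorithm | en_US
dc.title | Feature Selection Based on a Modified Artificial Fish Swarm Algorithm Applied to the Detection of Botnets with Different Communication Mechanisms | zh_TW
dc.type | Thesis and Dissertation | en_US
dc.date.paperformatopenaccess | 2018-08-21 | zh_TW
dc.date.openaccess | 2018-08-21 | -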
Appears in Collections: Department of Information Management
Files in This Item:

For the full text, please visit Airiti Library.



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.