進階搜尋


   電子論文尚未授權公開,紙本請查館藏目錄
(※如查詢不到或館藏狀況顯示「閉架不公開」,表示該本論文不在書庫,無法取用。)
系統識別號 U0026-3006201415130200
論文名稱(中文) 使用社群網路中心性於惡意網/網站威脅分析之研究
論文名稱(英文) Using Social Network Centrality to Analyze the Threatness of Malicious Web Pages/Sites
校院名稱 成功大學
系所名稱(中) 電腦與通信工程研究所
系所名稱(英) Institute of Computer & Communication
學年度 102
學期 2
出版年 103
研究生(中文) 高瑋辰
研究生(英文) Wei-Chen Kao
學號 Q36001012
學位類別 碩士
語文別 英文
論文頁數 53頁
口試委員 指導教授-楊竹星
口試委員-葉俊雄
口試委員-詹寶珠
口試委員-陳嘉玫
口試委員-林輝堂
中文關鍵字 社群網路  社群網路中心性  惡意網頁  客戶端誘捕系統 
英文關鍵字 Social Network Analysis  Social Network Centrality  Malicious Website  Client Honeypot 
學科別分類
中文摘要 在過去的十年裡,網際網路的發展已經遠遠超過大部分學者的預計。由於這個原因,網絡犯罪攻擊已經從伺服器端攻擊轉移到客戶端攻擊。打擊用戶端攻擊的主要方式是透過客戶端誘捕技術檢測惡意網站並且公布網域黑名單,並且讓有管理權力者處理。然而,這項技術缺乏視覺化分析,以了解多個惡意網站間的整體鏈接結構,並以整體鏈結結構的角度去排名惡意網域或惡意網頁的危脅程度。
在本研究中,我們提出了以客戶端誘捕系統日誌建構可視化社會圖的表示方法。為了增加可視化社會圖的可讀性,並從他們的整體鏈接結構排名惡意網站或網頁的重要性,我們發展出圖案檢測演算法應用在可視化社會圖上 。此外,我們應用社會網絡中心性的測量並加入權重鏈結屬性函數去排名的威脅程度,其中包括:( 1 )高度危險網站(Katz centrality), ( 2 )高關鍵性網頁(Betweenness centrality), ( 3 )熱門惡意軟件(Weighted PageRank algorithm)。
英文摘要 Over the past ten years, the Internet has grown far behind anything that all researchers could have anticipated. For the reason, the cybercriminal attack has shifted away from server-side attack to client-side attack. A primary defense to combat client-side attacks is to detect malicious websites and publish their domains on blacklists and then take them over by the authority through client honeypot technology. However, the weakness for this technology is lack of visualizing analysis to understand the cooperating relationships between multiple malicious websites and ranking threatness of malicious websites by incorporating the overall link structures from and to the domain.
In this research, we proposed an approach to build sociogram representations to visualize multiple client honeypot logs. In order to simplify repeated link characteristics for aiding visualization readability and ranking the importance of malicious hosts from their overall link structure, motifs detection algorithm is developed to the socialgram. In addition, we applied social network centrality measurements incorporating the weighted link attributes functions to rank the threatness including (1) High-threatness hostname Katz centrality, (2) Critical URLs connectivity by betweenness centrality, (3) Malware Popularity by weighted PageRank algorithm. Finally, several interesting findings were explored by socializing analysis.
論文目次 1 Introduction 1
1.1 Client-Side Attack 3
1.2 Attack Toolkits 4
1.3 Client Honeypots Technologies 8
1.4 The Goal of Research 17
2 Related Works 19
2.1 Social Network and Sociogram 19
2.2 Social Network Analysis 20
2.2.1 Degree Centrality 20
2.2.2 Betweenness Centrality 20
2.2.3 Closeness Centrality 21
2.2.4 Eigenvector Centrality 22
2.3 Katz Centrality 24
2.4 Page Rank Algorithm 25
2.5 Proposed Weighted PageRank Algorithm 27
3 Proposed Approach 28
3.1 Definition: 28
3.2 Flow Chart of Visualizing and Analyzing the Threatness of Malicious Websites 29
3.3 Low Threatness Reduction 31
3.4 Motifs Detection: 32
3.5 Rank Threatness: 35
4 Implementation 36
4.1 System Architecture 36
4.2 Data Collection 40
4.3 Vertices and Nodes from THUG XML Events 40
4.4 Events Graph and the Graph with Low Threatness Reduction Graph and Motifs Detection 42
4.5 Rank Threatness 47
5 Conclusion and Future Work 49
References 51
參考文獻 [1] Internet World Stats. Available:
http://www.internetworldstats.com/stats.htm
[2] Client Honeypot. Available: http://en.wikipedia.org/wiki/Client_honeypot
[3] Securityfocus. Available: http://www.securityfocus.com/
[4] Capture-HPC. Available: http://capture-hpc.sourceforge.net/
[5] Honeyclient. Available: http://www.honeyclient.org/trac/
[6] HoneyMonkey. Available: http://research.microsoft.com/HoneyMonkey/
[7] THUG. Available: https://github.com/buffer/thug
[8] MAEC. Available: http://maec.mitre.org/
[9] HoneyC. Available:
https://projects.honeynet.org/honeyc/wiki/AboutHoneyC
[10] Money-Spider. Available:http://monkeyspider.sourceforge.net/
[11] Phoneyc. Available: https://code.google.com/p/phoneyc/
[12]Google’s Safe Browsing API. Available:
https://developers.google.com/safe-browsing/
[13]Microsoft’s SmartScreen Filter. Available:
http://windows.microsoft.com/en-us/internet-explorer/products/ie-9/features/smartscreen-filter
[14] Facebook. Available:https://www.facebook.com/
[15] Myspace . Available:https://myspace.com/
[16] LinkedIn. Available: https://www.linkedin.com/
[17] M. Jamali and H. Abolhassani, "Different Aspects of Social Network Analysis", in the IEEE/WIC/ACM International Conference on Web Intelligence (WI'06), Hong Kong, December 2006.
[18] Wasserman, Stanley, & Faust, Katherine. (1994). Social Network Analysis: Methods and Applications. Cambridge: Cambridge University Press. ISBN 0-521-38269-6
[19] Bonacich, P (1972) Factoring and weighting approaches to clique identification. Journal of Mathematical Sociology 2: 113–120.
[20] Bonacich P (2007) Some unique properties of eigenvector centrality. Social
Networks 29: 555–564
[21] Langville A, Meyer C (2006) Google’s PageRank and Beyond: The Science of Search Engine Rankings Princeton University Press, ISBN 0-691-12202-4.
[22] E. Atsan, Ö. Özkasap, Applicability of Eigenvector Centrality Principle to Data Replication in MANETs, 22nd International Symposium on Computer and Information Sciences (ISCIS), Ankara, Nov 2007.
[23] Katz, L. (1953). A New Status Index Derived from Sociometric Index. Psychometrika, 39-43.
[24] Phuong Duy Pham, Measuring Centraility of Facebook Comments. Available:
http://www.cs.ucdavis.edu/~bai/ECS231/returnsfinal/Pham.pdf
[25] The PageRank Algorithm. Available: http://pr.efactory.de/e-pagerank-algorithm.shtml
[26] Ricardo Baeza-Yates and Emilio Davis ,"Web page ranking using link attributes" , In proceedings of the 13th international World Wide Web conference on Alternate track papers & posters, PP.328-329, 2004.
[27]Hpfeeds. Available: http://hpfeeds.honeycloud.net/
[28]Kibana. Available: http://www.elasticsearch.org/
[29] D3.js. Available: http://d3js.org/
[30] HeliousJS. Available:http://entrendipity.github.io/helios.js/
[31] NetworkX. Available:https://networkx.github.io/
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2019-07-21起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw