Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/16945
Full metadata record
DC Field: Value [Language]
dc.contributor.advisor: 孫雅麗
dc.contributor.author: Feng-Yu Lin [en]
dc.contributor.author: 林豐裕 [zh_TW]
dc.date.accessioned: 2021-06-07T23:50:35Z
dc.date.copyright: 2014-03-18
dc.date.issued: 2014
dc.date.submitted: 2014-02-05
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/16945
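dc.description.abstract: In recent years communication modes have changed significantly, and most users have moved to cloud-based applications, especially On-line Social Networks (OSNs). Most of these application services are hosted abroad, and criminals can use them to evade criminal investigation and intelligence gathering. In this virtual world, how a Law Enforcement Agency (LEA) identifies the "real" identity of a criminal suspect in a social network, and the suspect's "physical" location (geolocation), is a major challenge facing digital investigation today.
In view of this, this dissertation proposes a scheme that applies the concepts of IP location and network forensics, with the aim of developing a tracking forensics method and architecture for online social networks. Our empirical analysis shows that when a target user uses a social network application service (for example Facebook or Twitter), the proposed mechanism and method can, from that application's Service Resource Identifier (SRI), that is, the account, trace the target user's "physical location" and historical trajectory, and can associatively analyze the probable "identity", which can be used to bridge the physical world and the virtual world. To the best of our knowledge, this is the first individualized analysis and location method and architecture developed and evaluated for OSNs. [zh_TW]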
dc.description.abstract: In recent years, with significant changes in communication modes, most users have moved to cloud-based applications, especially Online Social Networks (OSNs). These applications are mostly hosted abroad and are available to criminals, enabling them to impede criminal investigations and intelligence gathering. In the virtual world, how a Law Enforcement Agency (LEA) identifies the 'actual' identity of criminal suspects and their geolocation in social networks is a major challenge for current digital investigation. In view of this, this paper proposes a scheme, based on the concepts of IP location and network forensics, that aims to develop forensics tracking for Online Social Networks. According to our empirical analysis, the proposed mechanism can instantly trace the “physical location” of a targeted service resource identifier (SRI) when the target client is using Online Social Network applications (Facebook, Twitter, etc.), and can associatively analyze the probable “identity” of the target client. To the best of our knowledge, this is the first individualized location method and architecture developed and evaluated in OSNs. [en]
dc.description.provenance: Made available in DSpace on 2021-06-07T23:50:35Z (GMT). No. of bitstreams: 1
ntu-103-D95725003-1.pdf: 5402333 bytes, checksum: 3eafdaee2b518036bb3bafe82e3d10ca (MD5)
Previous issue date: 2014 [en]
dc.description.tableofcontents:
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Organization of the Dissertation
Chapter 2 Literature Reviews
2.1 IP Location
2.2 Mobile Device Forensics
2.3 Network Forensics / Social Networks
2.4 Man-in-the-middle Attack
Chapter 3 Distributed Agent-based IP Location System Framework Design
3.1 IP Location
3.2 Design and Implementation of IP Location Mechanism
3.2.1 The challenges
3.2.2 Overview of the proposed Approach
3.2.3 IP Location system framework
3.3 Implementation and Analysis
3.3.1 Test environment and requirements
3.3.2 Test Procedure
3.3.3 Discussion
Chapter 4 Forensics Tracking for IP User Using the Markov Chain Model
4.1 Forensics Tracking
4.2 IP User Tracking Forensics Mechanism
4.2.1 IP User Trace Reconstruction
4.2.2 Computational Forensics for IP User
4.2.3 Efficiency Evaluation Index
4.3 Empirical Evaluation Discussion
4.3.1 IP User Tracking Forensic Mechanism to Existing Framework
4.3.2 The Results Evaluation and Discussion
4.3.3 Discussion
Chapter 5 CloudTracker: A Novel Forensics Tracking Scheme for Online Social Networks Applications
5.1 System Architecture and the Main Elements
5.1.1 System Architecture
5.1.2 Man-in-the-middle Proxy
5.1.3 Data Retention System
5.1.4 Location Information Retrieval Agent
5.1.5 Location Calculation Engine (Profiler)
5.2 Forensics Tracking Analysis
5.2.1 SRI Location
5.2.2 Trace Reconstruction
5.3 Empirical Evaluation and Discussion
5.3.1 Test Environment and Requirements
5.3.2 MITM Decryption Model
5.3.3 Scenarios
5.3.4 Results Summary
5.3.5 Discussion
Chapter 6 Conclusions and Remarks
References
dc.language.iso: en
dc.subject: Tracking Forensics [zh_TW]
dc.subject: Network Forensics [zh_TW]
dc.subject: IP Individualization [zh_TW]
dc.subject: IP location [zh_TW]
dc.subject: Digital Investigation [zh_TW]
dc.subject: Law Enforcement Agency [zh_TW]
dc.subject: Computational Forensics [zh_TW]
dc.subject: Online Social Network [zh_TW]
dc.subject: Online Social Network (OSN) [en]
dc.subject: Computational Forensics [en]
dc.subject: Tracking Forensics [en]
dc.subject: Network Forensics [en]
dc.subject: IP Individualization [en]
dc.subject: IP location [en]
dc.subject: Digital Investigation [en]
dc.subject: Law Enforcement Agency (LEA) [en]
dc.title: Forensics Tracking for Online Social Networks Applications [zh_TW]
dc.title: Forensics Tracking for Online Social Networks Applications [en]
dc.type: Thesis
dc.date.schoolyear: 102-1
dc.description.degree: Doctoral
dc.contributor.oralexamcommittee: 林永松, 陳孟彰, 莊東穎, 李漢銘
dc.subject.keyword: Online Social Network, Law Enforcement Agency, Digital Investigation, IP location, IP Individualization, Network Forensics, Tracking Forensics, Computational Forensics [zh_TW]
dc.subject.keyword: Online Social Network (OSN), Law Enforcement Agency (LEA), Digital Investigation, IP location, IP Individualization, Network Forensics, Tracking Forensics, Computational Forensics [en]
dc.relation.page: 70
dc.rights.note: Not authorized
dc.date.accepted: 2014-02-05
dc.contributor.author-college: College of Management [zh_TW]
dc.contributor.author-dept: Graduate Institute of Information Management [zh_TW]
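Appears in Collections: Department of Information Management

Files in this item:
File | Size | Format
ntu-103-1.pdf (not authorized for public access) | 5.28 MB | Adobe PDF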