
Student: 鄧立忠 (LiZhong Deng)
Thesis title: P2P殭屍網路的流量分析與辨識 (P2P Botnet Traffic Analysis and Identification)
Advisor: 唐文華 (Wernhuar Tarng)
Oral examination committee: (not listed)
Degree: Master (碩士)
Department: Department of Computer Science (資訊工程學系), College of Electrical Engineering and Computer Science (電機資訊學院)
Year of publication: 2011
Academic year of graduation: 99 (ROC academic year, i.e. 2010-2011)
Language: Chinese
Pages: 59
Keywords (Chinese): P2P 殭屍網路, 網路流量偵測, 網路安全
Keywords (English): P2P botnet, network traffic detection, network security
Usage: 3 views, 0 downloads
    The Internet has become an indispensable part of people's lives: looking up information, using auction sites, playing online games, and so on. It brings convenience, but precisely because of that convenience it also harbours danger. Many malicious actors seek to steal or destroy other people's data over the Internet for profit, so its security cannot be overlooked.
    To achieve their goals, attackers usually employ several kinds of attack, including distributed denial of service (DDoS) attacks and spam. These attacks need the resources of many computers before they take effect, so attackers use malware to infect poorly protected or carelessly used computers and form them into a botnet. Defending against botnets has therefore become a very important topic in network security. The P2P botnet is a new type of botnet; because any member can become a node from which the attacker controls the whole network, it is harder to defend against.
    This study proposes a six-stage identification process for network traffic, based on the traffic behaviour characteristics of P2P botnets, that attempts to find the traffic of known or unknown P2P botnet malware. Using the information associated with that traffic, the zombie computers can then be located and contained so that the infection does not spread further.


    The Internet has become an indispensable part of human life and provides us with convenient services, for example searching for information, using auction websites, playing online games, and so on. Because of this convenience, hackers try to commit crimes on it to obtain benefits. Therefore, network security has become an important research issue today.
    Usually, crackers use a variety of methods to achieve the purpose of their attacks, for example distributed denial of service (DDoS) and spam mail. These methods require a large number of computers to achieve their goal; hence crackers must spread malicious software to infect computers with weaker defence mechanisms. The infected computers become zombies in botnets controlled by the crackers. Thus, detecting and defending against botnets is an important subject in network security. Among them, the peer-to-peer (P2P) botnet is a new type of botnet in which every zombie is a peer that can be controlled by the cracker, and thus defending against it is more difficult.
    The objective of this research is to find the traffic flows produced by known or unknown malicious software in order to defend against P2P botnets. Based on an analysis of P2P network connection flows and their packet patterns, a mechanism containing six stages is proposed to identify P2P botnet traffic and locate the zombies, with the aim of restraining these computers from causing further infection.

    Chapter 1 Introduction 1
      1.1 Background 1
      1.2 Motivation 1
      1.3 Objective 2
    Chapter 2 Related Work 4
      2.1 Botnets 4
      2.2 P2P Technology 12
      2.3 Machine Learning 18
    Chapter 3 System Design 21
      3.1 Traffic Behaviour Characteristics of P2P Applications 21
      3.2 Traffic Behaviour Characteristics of P2P Botnets 25
      3.3 Traffic Features 28
      3.4 Design of the System Method 31
    Chapter 4 Simulation Experiments 42
      4.1 Capturing Traffic Samples 43
      4.2 Experiment Description and Objectives 43
      4.3 Experiments 44
    Chapter 5 Conclusion and Future Work 48
    Chapter 6 References 49


    Full-text availability: not authorized for public release (campus network); not authorized for public release (off-campus network).