博碩士論文 103522073 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:26 、訪客IP:18.234.139.149
姓名 林杰儒(Chieh-Ju Lin)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(CPJ: A Cloud-Based Protection Mechanism against JavaScript Style Attacks)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 資訊科技日新月異,自1999年提出Web 2.0開始,網頁的型態越來越多樣化。隨著多裝置時代的到來,許多以往必須在電腦上安裝軟體才能達到的功能,逐漸轉移到雲端服務上,以實現跨平台的需求。原先如Flash等廠商獨有技術實現了複雜的內容,但也造成了跨平台的障礙。於是,這促使網頁標準化的產生,作為標準的用戶端腳本語言的JavaScript也就日漸重要。
如今,網路服務蓬勃發展,JavaScript也變得隨處可見,隨之而來的就是JavaScript安全的議題。駭客的攻擊手法不斷的更新,如何及時有效的防禦新型態的攻擊是個重要的課題。本篇論文著重於JavaScript在用戶端的防禦,將雲端安全分析服務VirusTotal整合至瀏覽器中,能讓使用者在瀏覽網頁的同時,使用最新的惡意程式資料庫來分析網際網路上各種JavaScript檔案的行為,並阻擋惡意程式碼的執行。
摘要(英) Information technology is changing rapidly. Since Web 2.0 concepts have been proposed in 1999, web patterns are getting more diverse. With the advent of the multi-device era, lots of the features which must install software into computers has been gradually transferred to the cloud services for implement cross-platform. Although some vendor’s proprietary languages, such as Flash, might reach some of the demand for presenting complex content, it impeded the cross-platform development. Thus, it promotes the establishment of the web standards. And JavaScript, as a standard of client-side scripting language, has become increasingly important.
At present, web services have been flourishing. JavaScript becomes ubiquitous and is visible everywhere, thereby the security issues of JavaScript should be taken seriously. Since types of hacker attack techniques are constantly evolving, it is a big topic that how timely and effectively defends new patterns of attack.
We proposed CPJ mechanism, it focuses on the client-side defense against JavaScript style attacks. We integrate VirusTotal, a cloud-bases security analysis service, into a browser. Therefore, with the latest malware database, it can analyze the behavior of a variety of JavaScript files. It allows the browser to block malicious code when the user browses the internet.
關鍵字(中) ★ 惡意JavaScript
★ VirusTotal
★ 雲端防護
關鍵字(英) ★ Malicious JavaScript
★ VirusTotal
★ Cloud-Based Protection
論文目次 摘要 i
Abstract ii
致謝 iii
Table of Contents iv
List of Figures vi
List of Tables vii
Chapter 1 Introduction 1
Chapter 2 Background 4
2.1 Same-Origin Policy 4
2.2 Web Security Threats 5
2.3 VirusTotal 9
Chapter 3 System Design 12
3.1 Design Principles 12
3.2 System Architecture 13
3.2.1 Firefox Add-on SDK 13
3.2.2 nsITraceableChannel Interface 14
3.2.3 Observer and HTTP Request topics 15
3.2.4 Stream Listener 16
3.2.5 Find out JavaScript Files 17
3.2.6 nsIHttpChannel Interface 18
3.2.7 VirusTotal APIs 18
Chapter 4 Evaluation 20
4.1 Environment 20
4.2 Test Cases 20
4.3 Experiments 21
Chapter 5 Discussion 25
5.1 Related Work 25
5.2 Limitations 25
Chapter 6 Conclusion 28
Chapter 7 Reference 29
參考文獻 [1] J.-S. Kim, H.-K. Kang, and H.-C. Jeong, "Study of Behavior-Based High Speed Visit/Inspection Technology to Detect Malicious Websites," in IT Convergence and Security 2012, ed: Springer, 2013, pp. 13-20.
[2] Y. Yu, Y. Yang, J. Gu, and L. Shen, "Analysis and suggestions for the security of web applications," in Computer Science and Network Technology (ICCSNT), 2011 International Conference on, 2011, pp. 236-240.
[3] OWASP, "Top 10 – 2010," The Ten Most Critical Web Application Security Risks, 2010.
[4] OWASP, "Top 10 – 2013," The Ten Most Critical Web Application Security Risks, 2013.
[5] C. Saiyed, "CryptoLocker," ISSA Journal, 2016.
[6] S. Lekies, B. Stock, M. Wentzel, and M. Johns, "The unexpected dangers of dynamic JavaScript," in 24th USENIX Security Symposium (USENIX Security 15), 2015, pp. 723-735.
[7] VirusTotal. About VirusTotal. Available: https://www.virustotal.com/en/about/
[8] MDN. Observer Notifications. Available: https://developer.mozilla.org/en-US/docs/Observer_Notifications
[9] ForbesLindesay. acorn-globals. Available: https://github.com/ForbesLindesay/acorn-globals
[10] VirusTotal. Public API v2.0. Available: https://www.virustotal.com/en/documentation/public-api/
[11] Fabasoft. Fabasoft app.telemetry Page Speed Monitor. Available: https://www.fabasoft.com/en/apptelemetry/page-speed-monitor
[12] M. Cova, C. Kruegel, and G. Vigna, "Detection and analysis of drive-by-download attacks and malicious JavaScript code," in Proceedings of the 19th international conference on World wide web, 2010, pp. 281-290.
[13] H. Shahriar and M. Zulkernine, "Client-side detection of cross-site request forgery attacks," in 2010 IEEE 21st International Symposium on Software Reliability Engineering, 2010, pp. 358-367.
[14] VirusTotal. Frequently Asked Questions. Available: https://www.virustotal.com/en/faq/
[15] VirusTotal. YARA - The pattern matching swiss knife for malware researchers. Available: http://virustotal.github.io/yara/
指導教授 許富皓 審核日期 2016-8-26
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明