博碩士論文 107522135 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:45 、訪客IP:3.143.23.38
姓名 邱韜(Tao Chiu)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(A Kernel-Based Solution to GPU-Assisted Malware)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 2008 年,在 CUDA、OpenCL 等通用圖形處理器計算模型相繼被提 出之後,圖形處理器用來執行一般計算任務的現象日趨發達。也開始有 研究朝如何將圖形處理器用於輔助惡意程式進行的方向發展。而圖形處 理器充足的記憶體、強大的運算能力,以及獨立於 CPU 的配置都為惡 意軟體帶來極佳的隱蔽環境。其中,有研究利用這樣的特性,提出圖形 處理器可用於快速將隱藏於程式主體的密文程式碼進行快速加解密,以 躲避掃描軟體的監控的威脅模式。
本研究基於這樣的行為,將圖形處理器解密後的程式碼「植入」系 統中執行的所有可能途徑,歸納出三種媒介,分別為記憶體、檔案系統、 及網路。然後,發展一套能夠適時針對程序使用週邊裝置的情形採取監 控的系統,有效地監控其記憶體及檔案系統行為,然後適時地阻擋應該 被視為「資料」的資訊片段被當成「程式碼」來執行。此系統的效能表 現良好,幾乎不會為程序帶來效能損失。
隨著週邊裝置的計算能力越發強大,這些新型態的攻擊行為及防禦 手法勢必成為資安的新議題,本研究的目標是提出一套對周邊裝置存取 行為給予存取權限的機制,維護系統的完整性。
摘要(英) Since the release of specifications such as OpenCL, CUDA targeting general purpose computing on graphics processing unit on 2008, the use of graphics processing unit to perform general data processing has become a increasing trend. Meanwhile, research has come to assessing the threat that GPU could introduce. Particularly due to the nature of GPU having planty of memory space, high performance cores, and locating independently from CPU, GPU could be a ideal target for malicious software where stealthiness is the first consideration. Among these research, one has come up with an idea that utilizes GPU to decrypt ciphertext malicious code that is embedded in the main program to hide from common malware detections.
We propose 3 types of possible approaches that an attacker would implant his GPU-decrypted code onto an infected system based on that reseach. These are memory type, filesystem type and network type. Based on these types, we propose a system that is able to dynamically detect process’s memory and filesystem behavior. It can warn and deny accesses at the moment when a segment of ”data” is either accidently or maliciously misused as executable code. Besides, the system have little incurred over- head on its overall performance.
As these device has become more powerful ever than before, we suggest that our reseach goal is to put forth a methodology that in order to keep integrity of a system we have to perform access control based on the use of peripheral device.
關鍵字(中) ★ 圖形處理器
★ 惡意程式
關鍵字(英) ★ LSM
★ GPU
★ Malware
論文目次 摘要 i
Abstract ii
目錄 iii
圖目錄 iv
表目錄 v
第1章 緒論 1
第2章 背景介紹 4
2.1 通用圖形處理器計算 4
2.1.1 程式設計模型 4
2.1.2 軟體堆疊 5
2.1.3 圖形處理器通用計算模型的限制 6
2.2 新型態的威脅 7
2.3 惡意程式監測軟體 7
2.3.1 特徵碼掃描 8
2.3.2 行為掃描 9
2.4 Linux 安全性模組 10
2.4.1 Linux Security Hooks 11
2.4.2 Linux 檔案延伸屬性 12
第 3 章 相關研究 13
3.1 Linux 上的存取權控制 13
3.1.1 自主存取權控制 13
3.1.2 強制存取權控制 14
第 4 章 方法與系統架構 17
4.1 設計理念 17
4.1.1 攻擊情境假設 18
4.1.2 防禦目標 18
4.2 系統架構 19
4.3 系統組件 21
4.3.1 記憶體偵測子系統 21
4.3.2 檔案系統監控子系統 23
第 5 章 實驗結果及分析 27
5.1 實驗平台 27
5.2 實驗結果 27
5.2.1 記憶體類型(Memory Type) 28
5.2.2 檔案系統類型(Filesystem Type) 30
5.2.3 網路類型(Network Type) 33
5.3 效能評估 34
5.4 有效性評估 35
第 6 章 討論 37
6.2 目前限制 37
6.2 未來展望 37
第 7 章 總結 38
參考文獻 39
參考文獻 [1] D. Luebke, M. Harris, N. Govindaraju, A. Lefohn, M. Houston, J. Owens, M. Segal, M. Papakipos, and I. Buck, “Gpgpu: General-purpose computation on graphics hardware,” in Proceedings of the 2006 ACM/IEEE conference on Supercomputing, ACM, 2006, p. 208.
[2] S. Xu, X. Huang, L.-Y. Oey, F. Xu, H. Fu, Y. Zhang, and G. Yang, “Pom. gpu-v1. 0: A gpu-based princeton ocean model,” Geoscientific Model Development, vol. 8, no. 9, pp. 2815–2827, 2015.
[3] D. C. Ciresan, U. Meier, J. Masci, L. M. Gambardella, and J. Schmidhuber, “Flexible, high performance convolutional neural networks for image classification,” in Twenty- Second International Joint Conference on Artificial Intelligence, 2011.
[4] C. Janßen and M. Krafczyk, “Free surface flow simulations on gpgpus using the lbm,” Computers & Mathematics with Applications, vol. 61, no. 12, pp. 3549–3563, 2011.
[5] G. Vasiliadis, M. Polychronakis, and S. Ioannidis, “Gpu-assisted malware,” Inter- national Journal of Information Security, vol. 14, no. 3, pp. 289–297, 2015.
[6] E. Ladakis, L. Koromilas, G. Vasiliadis, M. Polychronakis, and S. Ioannidis, “You can type, but you can’t hide: A stealthy gpu-based keylogger,” in Proceedings of the 6th European Workshop on System Security (EuroSec), 2013.
[7] D. Balzarotti, R. Di Pietro, and A. Villani, “The impact of gpu-assisted malware on memory forensics: A case study,” Digital Investigation, vol. 14, S16–S24, 2015.
[8] P. Frigo, C. Giuffrida, H. Bos, and K. Razavi, “Grand pwning unit: Accelerating microarchitectural attacks with the gpu,” in 2018 IEEE Symposium on Security and Privacy (SP), IEEE, 2018, pp. 195–210.
[9] Z. Zhu, S. Kim, Y. Rozhanski, Y. Hu, E. Witchel, and M. Silberstein, “Understanding the security of discrete gpus,” in Proceedings of the General Purpose GPUs, ACM, 2017, pp. 1–11.
[10] fail0verflow, Shofel2, a tegra x1 and nintendo switch exploit, https://fail0verflow.com/ blog/2018/shofel2/, Last Accessed: Aug, 2019, Apr. 2018.
[11] A. Cui, M. Costello, and S. Stolfo, “When firmware modifications attack: A case study of embedded exploitation,” 2013.
[12] badminer, Trojan horse that runs bitcoin mining software, https://www.symantec.com/ security-center/writeup/2011-081115-5847-99?tabid=2, Last Accessed: Aug, 2019, Aug. 2011.
[13] I. You and K. Yim, “Malware obfuscation techniques: A brief survey,” in 2010 International conference on broadband, wireless computing, communication and ap- plications, IEEE, 2010, pp. 297–300.
[14] O. Sukwong, H. S. Kim, and J. C. Hoe, “Commercial antivirus software effective- ness: An empirical study.,”
[15] P. Trinius, C. Willems, T. Holz, and K. Rieck, “A malware instruction set for behavior-based analysis,” 2009.
[16] S. Grauer-Gray, L. Xu, R. Searles, S. Ayalasomayajula, and J. Cavazos, “Auto- tuning a high-level language targeted to gpu codes,” in 2012 Innovative Parallel Computing (InPar), Ieee, 2012, pp. 1–10.
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2021-1-25
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明