中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/72025
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 78937/78937 (100%)
Visitors : 39816057      Online Users : 1189
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/72025


    Title: RGuard: A Light-weight Minifilter-based Solution to Ransomware
    Authors: 謝岳緯;Xie,Yue-Wei
    Contributors: 資訊工程學系
    Keywords: 勒索軟體;minifilter;Windows 驅動;Ransomware;minifilter;Windows driver
    Date: 2016-07-18
    Issue Date: 2016-10-13 14:22:20 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 近年來勒索軟體的危害程度對於使用者越來越高,勒索軟體會想盡辦法入侵使用者的電腦去加密檔案,並勒索贖金,被攻擊的使用者只能被迫向勒索軟體作者付出高額的贖金,而且付出贖金也不一定會解鎖檔案,受害者只能被動等待作者解鎖。
    對於勒索軟體的攻擊,防毒軟體雖然有辦法偵測到電腦遭受到攻擊,但是這是在確定是勒索軟體後才能阻擋,在這病毒空窗期的期間,可能已有不少使用者遭受到勒索軟體攻擊,因此這在期間保護使用者就成為首要任務。
    為了抵禦勒索軟體的攻擊,我們提出了一個能在平時偵測疑似勒索軟體的方法,該方法是建置在 Windows 的 minifilter driver 上,因此勒索軟體很難繞過我們的偵測。
    在偵測到疑似勒索軟體後,我們的系統能讓使用者做後續的處理,像是終止目前的程式或是直接將程式加入白名單,讓使用者可以有選擇的空間。除了可以對程式進行操作外,當使用者選擇終止程式時,我們的系統還會還原被改變的檔案,減少使用者的損失。;In recent years, ransomwares are prevalent and dangerous to users more and more. The target of ransomware is to intrude the user’s computer to encrypt files and force the user to pay money. Additionally, after paying a high ransom to the author of ransomware, the victim was not necessarily to get recovery key. Therefore, victims are to face a dilemma.
    Although antivirus software can detect the attack of ransomware, it is due to the latest virus definitions. If a new virus appears and the virus definitions are out of date, user’s computer may suffer the threat of ransomware. Thus, it is important to protect the user’s computer during virus window period.
    In order to resist the attack of ransomware, we propose a method to detect process whose actions are similar to the actions of ransomware. Because the method proposed is based on Windows minifilter driver, ransomware is hard to bypass the detection of our method.
    After catching ransomware-like process, our system would take care user’s computer, such as terminate the process, whitelist the process. Furthermore, when users choose to terminate the program, our system will restore the files changed by the process.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML338View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明