NCU Institutional Repository (National Central University) - theses and dissertations, past exam papers, journal articles and research projects for download: Item 987654321/83967
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/83967


    Title: COE: Anti-Virus for Fileless Malware
    Authors: 蕭登銓;Hsiao, Teng-Chuan
    Contributors: Department of Computer Science and Information Engineering
    Keywords: anti-virus software;fileless attack;dynamic analysis;memory analysis;anti-virus;fileless malware;dynamic analysis;memory analysis
    Date: 2020-07-23
    Issue Date: 2020-09-02 17:47:32 (UTC+8)
    Publisher: National Central University
    Abstract: Anti-virus software is an important part of protecting information security: it can effectively detect and delete malicious programs. Most traditional anti-virus software relies on static, signature-based analysis to detect viruses. However, against new types of attack techniques, static analysis alone provides no protection. Traditional attacks first write the malware to disk and then execute it to carry out its malicious behaviour. Fileless malware is not as easily detected as traditional malware: attackers use various techniques to hide the malicious program so that it never needs to be written to disk but can be executed directly in memory, thereby evading anti-virus detection. Therefore, in this thesis we propose a checking mechanism named Check-on-Execute (COE). When a program is about to execute code located in a writable-and-executable memory region, or a file that exists only in memory, COE suspends this unchecked execution and inspects the code. Based on the result of the inspection, it then decides whether to allow the execution, preventing the system from being attacked by fileless malware.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File         Description   Size   Format
    index.html                 0Kb    HTML


    All items in NCUIR are protected by copyright, with all rights reserved.