中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/83967
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 41742267      線上人數 : 1057
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/83967


    題名: COE: Anti-Virus for Fileless Malware
    作者: 蕭登銓;Hsiao, Teng-Chuan
    貢獻者: 資訊工程學系
    關鍵詞: 防毒軟體;無檔案攻擊;動態分析;記憶體分析;anti-virus;filess malware;dynamic analysis;memory analysis
    日期: 2020-07-23
    上傳時間: 2020-09-02 17:47:32 (UTC+8)
    出版者: 國立中央大學
    摘要: 防毒軟體是保護資訊安全重要的一環,能有效偵測並刪除惡意程式,而傳統的防毒軟體大部分以靜態分析的簽章 (signature-based) 技術來偵測病毒。然而,在面對新型態的攻擊手法時,僅使用靜態分析則無法發揮保護效果。傳統攻擊手法會先將惡意程式檔案寫入磁碟,再執行此惡意程式才能達成其惡意行為,而無檔案惡意程式不像傳統惡意程式那樣容易被偵測,攻擊者會利用各種技巧來隱藏惡意程式,使惡意程式不需要先被寫入磁碟,而是能直接在記憶體中執行,藉此規避防毒軟體的偵測。因此在本篇論文中我們提出一套檢查機制,命名為Check-on-Execute(COE),當程式要執行可寫又可執行之記憶體區段中的一段程式碼或僅存於記憶體的檔案時,COE 會暫停這個未經檢查的執行,並對其程式碼進行檢查。然後再依據檢查的結果判斷是否允許執行,防止系統遭到無檔案惡意程式攻擊。;Anti-virus software is an important part of protecting information security, which can effectively detect and delete malicious programs, and most of the traditional anti-virus software uses static analysis (signaturebased) technology to detect viruses. However, in the face of a new type of attack methods, only using static analysis can not play a protective effect.
      Traditional attack methods will first store the malware to disk, and then execute this malware to achieve its malicious behavior. Fileless malware is not as easily detected as traditional malware. Attackers will use
    various techniques to hide malicious programs. And the malware can be directly executed in the memory without being loaded into the disk first, and can avoid the detection of anti-virus software.
      Therefore, in this paper, we propose a set of defense mechanisms, named Check-on-Execute (COE). When a program wants to execute a piece of code in a writable and executable memory area or a in-memoryonly file , COE will suspend this unchecked execution and check its code. And then judge whether to allow execution based on the results of the check to prevent the system from being attacked by fileless malware.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML150檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明