NCU Institutional Repository (中大機構典藏): Item 987654321/93164
    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/93164


    Title: Windows Registry Attack and Defense: Behavior Analysis and Persistence Detection Based on ETW (original title: Windows 登錄檔攻擊與防禦: 基於 ETW 的行為分析和持久化檢測)
    Authors: 張揚鑫;Chang, Yang-Hsin
    Contributors: Department of Computer Science and Information Engineering
    Keywords: Windows;Registry;ETW
    Date: 2023-07-21
    Issue Date: 2024-09-19 16:45:23 (UTC+8)
    Publisher: National Central University
    Abstract: The Windows Registry holds a large amount of information about users and the system and can be regarded as a database. While Microsoft exposes it so that users can customize their configuration, it has also become a resource that attackers exploit freely to achieve persistence, fileless attacks and other malicious behaviour. This thesis first introduces the structure of the registry, covering both its logical structure and the data structures that represent it inside the Windows kernel. It then surveys the registry-based attacks known against the current Windows 10 operating system and the defence that corresponds to each. Finally, it presents a system built on Windows' built-in logging facility, ETW (Event Tracing for Windows). The monitoring program captures and filters registry write operations performed by processes; the filtered data is handed to an analysis component that uploads it to VirusTotal to determine whether the written data is malicious. The result is an efficient and reliable ETW-based registry attack detection system: by integrating with VirusTotal, it detects and prevents registry attacks and misuse more quickly and accurately, protecting the user's system.
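The abstract describes a three-stage pipeline (collect registry-write events from ETW, filter them down to the writes that matter, hand the referenced binaries to VirusTotal). The page does not include the thesis's code, so the following is an added example of my own that shows the filter and lookup stages over constructed records shaped like the SetValueKey events an ETW consumer would receive from the Microsoft-Windows-Kernel-Registry provider. The field names, the event and file samples, and the list of auto-start keys are assumptions for this illustration, not the thesis's schema; the VirusTotal API v3 file-report endpoint is real, but the request is only built here, never sent, so the example runs offline.

```python
"""Registry-persistence triage over ETW-style SetValueKey records (illustrative)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class RegistryWrite:
    # Simplified stand-in for a Kernel-Registry SetValueKey event (assumed fields).
    pid: int
    image: str        # process that performed the write
    key_path: str     # kernel-style object path (\REGISTRY\MACHINE\..., \REGISTRY\USER\...)
    value_name: str
    data: str         # REG_SZ / REG_EXPAND_SZ payload as text


@dataclass
class Finding:
    pid: int
    image: str
    key_path: str
    value_name: str
    # referenced binary -> VirusTotal report URL (None if the file could not be hashed)
    suspects: Dict[str, Optional[str]]


# Common auto-start locations; a starting set, not an exhaustive one.
PERSISTENCE_KEYS = [
    re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I),
    re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", re.I),
    re.compile(r"\\CurrentControlSet\\Services\\[^\\]+(\\Parameters)?$", re.I),
]
_RUN_KEY = re.compile(r"\\Run(Once)?$", re.I)
# Under Winlogon/Services only these values decide what gets executed.
EXEC_VALUES = {"userinit", "shell", "imagepath", "servicedll"}
# Quoted path, or an unquoted token up to whitespace/comma (Userinit is comma separated).
_PATH_RE = re.compile(r'"([^"]+\.(?:exe|dll))"|([^\s,"]+\.(?:exe|dll))', re.I)


def is_persistence_write(ev: RegistryWrite) -> bool:
    if not any(p.search(ev.key_path) for p in PERSISTENCE_KEYS):
        return False
    if _RUN_KEY.search(ev.key_path):      # every value under Run/RunOnce is an autostart
        return True
    return ev.value_name.lower() in EXEC_VALUES


def extract_targets(data: str) -> List[str]:
    """All executable paths named in a written value, in order of appearance."""
    return [quoted or bare for quoted, bare in _PATH_RE.findall(data)]


def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def vt_file_report_url(sha256: str) -> str:
    # VirusTotal API v3: GET this URL with an "x-apikey" header to fetch the report.
    return f"https://www.virustotal.com/api/v3/files/{sha256}"


def triage(events: List[RegistryWrite], file_contents: Dict[str, bytes],
           known_good: Set[str]) -> List[Finding]:
    """Keep persistence writes whose referenced binaries are not already known good."""
    findings: List[Finding] = []
    for ev in events:
        if not is_persistence_write(ev):
            continue
        targets = extract_targets(ev.data)
        suspects: Dict[str, Optional[str]] = {}
        for path in targets:
            content = file_contents.get(path)   # stands in for reading the file from disk
            if content is None:
                suspects[path] = None           # unreadable/expanded path: still report it
                continue
            digest = sha256_hex(content)
            if digest not in known_good:
                suspects[path] = vt_file_report_url(digest)
        if targets and not suspects:
            continue                            # every referenced binary is known good
        findings.append(Finding(ev.pid, ev.image, ev.key_path, ev.value_name, suspects))
    return findings


# Constructed sample data (not captured from a real system).
USER_SID = "S-1-5-21-1004336348-1177238915-682003330-1001"
DROPPED = r"C:\Users\bob\AppData\Roaming\update.exe"
USERINIT = r"C:\Windows\system32\userinit.exe"
SAMPLE_EVENTS = [
    RegistryWrite(4120, r"C:\Windows\explorer.exe",
                  r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
                  "Hidden", "1"),
    RegistryWrite(7788, r"C:\Users\bob\Downloads\invoice.exe",
                  rf"\REGISTRY\USER\{USER_SID}\Software\Microsoft\Windows\CurrentVersion\Run",
                  "Updater", f'"{DROPPED}" -silent'),
    RegistryWrite(912, r"C:\Windows\System32\services.exe",
                  r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv", "Start", "2"),
    RegistryWrite(7788, r"C:\Users\bob\Downloads\invoice.exe",
                  r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
                  "Userinit", f"{USERINIT},{DROPPED}"),
]
SAMPLE_FILES = {
    USERINIT: b"MZ constructed stand-in for the genuine userinit binary",
    DROPPED: b"MZ constructed stand-in for the dropped binary",
}
KNOWN_GOOD = {sha256_hex(SAMPLE_FILES[USERINIT])}

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS, SAMPLE_FILES, KNOWN_GOOD):
        print(f"pid {f.pid} {f.image} wrote {f.key_path}\\{f.value_name}: {f.suspects}")
```

Run as a script it prints two findings: the Run value that points at the dropped binary, and the Winlogon Userinit value where the genuine userinit.exe is skipped as known good and only the appended entry is queued for a VirusTotal lookup. The Explorer write and the service Start change pass through unflagged, which is the kind of volume reduction the abstract's filter stage exists for; a real consumer would additionally resolve %SystemRoot%-style paths before hashing.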
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation


    All items in NCUIR are protected by copyright, with all rights reserved.