NCU Institutional Repository (theses and dissertations, past exam papers, journal articles, research projects and more available for download): Item 987654321/9657


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9657


    Title: A Novel Behavior-Based Solution to Backdoors (Chinese title, translated: A Mechanism for Defending against Backdoor Programs Based on TCP Connection Behavior)
    Authors: 陳俊佑;Chun-yu Chen
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: Backdoor; Behavior-Based; Intrusion Detection
    Date: 2008-07-10
    Issue Date: 2009-09-22 11:52:51 (UTC+8)
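    Publisher: National Central University Library
    Abstract (translated from the Chinese): Malicious software has evolved from the early viruses, worms, Trojan horses and backdoor programs to today's rootkits, spyware and spamware. The techniques it uses keep changing, its means of penetration grow ever more diverse, and the losses it causes grow ever larger. Such malware spreads through the many propagation channels that networks offer, posing a great threat to the security of networks and of the hosts on them. Among the many attack methods, opening a backdoor is the most important step for an attacker who wants to control a victim host. Common Trojan horses and backdoor programs mostly disguise themselves as ordinary legitimate programs, for example by taking the same name as a legitimate program, to avoid being noticed by the user. Once the attacker obtains a backdoor process with system administrator (root) privileges, the attacker can do whatever they wish to the victim computer. In this thesis we propose a new defense mechanism that distinguishes legitimate programs from backdoor programs based on how a process uses the network (behavior-based), effectively protecting the system from being controlled by backdoor programs. We detect the possibility of an attack before system information is abnormally transmitted over the network and, before the damage spreads, terminate the suspicious process, which prevents the attacker from using the backdoor program for subsequent malicious activity and improves the security of systems and network servers.
    Abstract (English): With the popularity of computers and the Internet, more information security problems need to be taken into consideration. From the old-time virus to the newer worm, Trojan horse and backdoor, attackers today develop a variety of malware for personal benefit. Malware such as rootkits, spyware and spamware spreads via all kinds of network applications and poses a huge threat to Internet and system security. Among all attack methods, opening a backdoor is the most important step for controlling a victim computer. Conventional Trojan horses and backdoors may disguise themselves as normal programs, for example by using the same name as a normal program, in order to deceive users. Once attackers obtain a backdoor process with root privilege, they can do anything to the victim. In this thesis, we propose a new behavior-based defensive mechanism that detects whether a program is a backdoor. This mechanism can protect a system from being controlled by a backdoor. We can detect the backdoor before system information is abnormally sent out over the Internet. Before the attack succeeds, we can terminate the suspicious process and stop the follow-up malicious activities in advance. This mechanism can raise the security level of systems and network servers.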
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation



    All items in NCUIR are protected by copyright, with all rights reserved.
