NCU Institutional Repository (theses and dissertations, past exam papers, journal articles, and research projects available for download): Item 987654321/9695


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/9695


    Title: Real-time Serum System: An Automated Worm Curing System with an Attack Barrier; Infectious Real-time Serum System: Automatic worm curing system
    Authors: 林佳潤;Chia-Jun Lin
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: worm removal; buffer overflow; remote exploit; serum; serum system; worm; botnet; network security; attack barrier; worm curing; white worm; security
    Date: 2008-07-10
    Issue Date: 2009-09-22 11:53:47 (UTC+8)
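    Publisher: National Central University Library
    Abstract: Self-propagating worm programs have long been one of the deadliest security threats in the networked world, because they let attackers seize control of enormous numbers of hosts. This thesis proposes a new architecture and method, the "real-time worm recovery system" (Serum System), which can resolve and recover hosts infected by worm attacks automatically and with high precision. The basic architecture of the system is built on the concept of offensive defense: it establishes an attack barrier that counterattacks the source of an attack. Once a host equipped with the Serum System receives the attack string of a malicious program, it first modifies the payload of the attack string dynamically in real time, then counterattacks the same vulnerability on the attacking source host, and then copies the Serum System to that host and repairs the vulnerability. The attacking source host not only becomes immune to the attacking worm, but can also go on to counterattack, in the same way, any other malicious host that attacks this immunized host. Through this legitimized, chain-style spreading counterattack, worm-infected hosts scattered across the Internet can be cleaned automatically, precisely, and under control, regardless of scale, even when signatures are imprecise. This thesis also discusses a model of worm infection and analyzes and proves the effectiveness of the system in suppressing worm propagation. The analysis not only describes the relationship between the damage caused by a worm and time, but also shows the effect that deploying real-time counterattack hosts has on suppressing the worm. The thesis also proposes an architecture for regional automated patching of program vulnerabilities, enabling enterprises and institutions of all kinds to repair vulnerabilities in time. This result helps security incident researchers respond quickly and recover from damage when facing future buffer-overflow worm attacks.
    Although implementations of ASLR and non-executable stacks decrease the risk of worms spreading via buffer overflow exploits, there are still numerous ways to defeat or circumvent these protections. In this paper we propose a system for automatic worm curing: the Infectious Real-time Serum System (IRSS). Our approach is based on the concept of an “attack barrier” that counterattacks the attackers. Once a host running the Serum System is attacked, it dynamically modifies the payload of the attack string, then counterattacks the attacking source and sets up patches, which clone the Serum System entirely to the target source. The original attacking host thus not only becomes immune to this kind of vulnerability, but also gains the ability to counterattack any hosts that try to attack it. Through this infectious counterattack behavior, with Serum Systems chained together, we can automatically cure worm-infected hosts precisely and under control. In addition, we can clean worms all around the world, and only a few Serum System Servers are required for the entire environment. The Serum System can deal with any buffer overflow attack (BOA), even return-into-libc attacks; the system is therefore effective in defending against the spread of modern worms. This paper also builds a mathematical model of worm curing behavior to analyze the efficiency of the Serum System and presents the concept of automatic exploit patching.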
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation



    All items in NCUIR are protected by copyright, with all rights reserved.
