Thesis 955202041: Full Metadata Record

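| DC Field | Value | Language |
| --- | --- | --- |
| DC.contributor | Department of Computer Science and Information Engineering | zh_TW |
| DC.creator | 歐智文 | zh_TW |
| DC.creator | Chih-wen Ou | en_US |
| dc.date.accessioned | 2008-7-21T07:39:07Z | |
| dc.date.available | 2008-7-21T07:39:07Z | |
| dc.date.issued | 2008 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=955202041 | |
| dc.contributor.department | Department of Computer Science and Information Engineering | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | In the world of information security, buffer overflow vulnerabilities and attacks are a critically important area that affects a great many system users around the world. With an increasingly tightly connected global network and an increasingly competitive global market for developing information systems, many services and programs that have not been carefully developed or fully verified are widely used on the network under time and cost pressure. These programs contain many vulnerabilities, the most serious of which are buffer overflow vulnerabilities that can be exploited to execute remotely injected malicious code. As commercial activity has become digital, controlling computers and holding information have also become another route to wealth; this trend leads attackers to treat breaking into computers as a way of making money, and so their attacks have shifted toward stealthier and smaller-scale forms. To this day, the buffer overflow vulnerabilities appearing in newly developed programs have never decreased, and most of today's effective solutions only reduce the success rate of buffer overflow attacks to a minimum; given enough time and enough attacking hosts, and without much attack intensity, these solutions still have difficulty withstanding attacks that simply try a few more times. Organized, low-profile buffer overflow attacks imply that long-running, low-intensity repeated attacks are necessary; whether for botnets or for worm propagation, the most effective method is the buffer overflow attack. Although these attacks have become lower-profile and smarter, what has not changed is that a buffer overflow attack targets a vulnerability in a program, and the host launching the attack very likely contains the same vulnerability. With the aim of being more proactive and more efficient, we hope to deal not only with the buffer overflow attack itself but also with the computer launching the attack, and even the remote malicious group controlling all of this. Therefore, in addition to attack discovery and detection being sufficiently efficient and flexible, the response we take to an attack must be able to deter those behind it. Combining the above ideas, we construct a concept of automated real-time counterattack. Through the implementation of automated real-time counterattack and research on real-time counterattack methods, we hope to replace passive defense with active deterrence, and to replace attack-cancelling strategies with a real-time counterattack mechanism, reducing the probability of being attacked by malicious attackers. At the same time, counterattack gives attackers reason to hesitate before launching attacks, and the collection of attack data leaves attackers hiding in every corner of the world with nowhere to hide. | zh_TW |
| dc.description.abstract | In this paper, we discuss a new idea for countering remote buffer overflow attacks launched by Internet worms, botnet owners, or unknown attackers. We also develop a prototype system called Arcs (Automatic Real-time Counterattack System) to evaluate the performance of this architecture. The results of system testing show that this mechanism indeed works, which means it is usable and more efficient at combating remote buffer overflow attacks from Internet worm propagation and botnets than strategies proposed before. The propagation of a worm depends on which vulnerabilities it exploits. We also understand that the remote buffer overflow attack is still an efficient method for botnets to control vulnerable hosts. This vulnerability-oriented characteristic tells us that a compromised host that has not been patched can be compromised again. Unlike the rough, invasive and indulgent white worm strategy, we propose a controllable and acceptable automatic real-time counterattack mechanism, which attacks only those who attack us. After an attack is detected, we make a duplicate of the original attack string, replace the malicious injected code in this duplicate with our own fight-back injected code, and then use it to counterattack. In the ideal situation, we can successfully compromise the attacking host and execute our injected code instead of the original malicious code. We build a database to record information about each counterattack, including the address and port of the attacking host, the time, and the result of fighting back. We discuss in detail the possible Arcs-based worm and botnet solutions and the contribution of Arcs, owing to its efficiency and flexibility. Arcs can be used for many different purposes according to different system administrators’ needs. This paper focuses on the introduction of Arcs, the modification of the remote buffer overflow attack string, its influence, and possible Arcs-based worm and botnet solutions. | en_US |
| DC.subject | buffer overflow attack | zh_TW |
| DC.subject | worm | zh_TW |
| DC.subject | botnet | zh_TW |
| DC.subject | buffer overflow attack | en_US |
| DC.subject | worm | en_US |
| DC.subject | botnet | en_US |
| DC.title | Automatic Real-Time Counterattack System Against Remote Buffer Overflow Attacks | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | ARCS: Automatic real-time counterattack system against remote buffer overflow attack | en_US |
| DC.type | Master's/doctoral thesis | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |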
