博碩士論文 955202094 完整後設資料紀錄

DC 欄位 語言
DC.contributor資訊工程學系zh_TW
DC.creator林佳潤zh_TW
DC.creatorChia-Jun Linen_US
dc.date.accessioned2008-7-21T07:39:07Z
dc.date.available2008-7-21T07:39:07Z
dc.date.issued2008
dc.identifier.urihttp://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=955202094
dc.contributor.department資訊工程學系zh_TW
DC.description國立中央大學zh_TW
DC.descriptionNational Central Universityen_US
dc.description.abstract具自行散播能力的蠕蟲程式,由於能讓攻擊者竊取數量龐大的主機的控制權,因此長期以來一直是網路世界中致命的安全威脅之一。本篇論文提出了一個新的架構與方法,可以以高精準度且自動化的解決與恢復遭受蠕蟲攻擊感染的主機 —「即時蠕蟲恢復系統」(Serum System)。 本系統之基礎架構是以具備攻擊性的防禦為概念,建立攻性防壁,對攻擊來源作出反擊。一旦具備Serum System的主機收到惡意程式之攻擊字串時,首先動態即時修改攻擊字串的payload,之後對攻擊來源主機的相同漏洞進行反擊,再複製Serum System到該主機上並修復漏洞。攻擊來源主機不僅對於該攻擊之蠕蟲免疫,此外更可進一步的以相同的方式反擊任何攻擊此免疫主機的其他惡意主機。借由此種具備正當性之連鎖型式的擴散反擊,可以在signature不精確之情況下,仍能自動精準且受控制地清除散播在 Internet 各處受蠕蟲感染的主機,不論其規模大小。 本論文亦將討論關於蠕蟲感染的模型,分析證明此系統對蠕蟲傳播抑止之有效性。此分析不僅可描述蠕蟲造成的破壞跟時間的關係,同時也可以看出即時反擊主機的佈署對蠕蟲壓制的效果。 論文中也提出了區域型自動化程式漏洞修補之架構,使企業以及各型機構能夠及時修復漏洞。此項成果有助於資安事件研究者未來面對緩衝區溢位型蠕蟲的攻擊時,能夠快速反應並從危害中恢復。zh_TW
dc.description.abstractAlthough the implementations of ASLR and Non-executable stack decrease the risks of worm spreading via buffer overflow exploits, there are still numerous ways to defeat or circumvent the protections. In this paper we propose a system of automatic worm curing – Infectious Real-time Serum System (IRSS). Our approach is based on the concept of “attack barrier” which will counter back to the attackers. Once the host with Serum System was attacked by attacker, it will modify the payload of attacking string dynamically, then counter back to the attacking source and setup patches which clone the Serum System entirely to target source. The original attacking host thus not only immune to this kind of the vulnerability, but also has the ability of counter back to any hosts who are trying to attack this host. By the behavior of infectious counterattack with catenation of Serum System, we can automatically cure the hosts of worm precisely and under control. Otherwise, we can clean the worms all around the world and only a few Serum System Servers are demanded to the entire environment. The Serum System can deal with whatever attacks of BOA, even if the return into libc attacks, therefore the system is effective in defending the spreading of modern worms. This paper also builds a mathematic model of worm curing behavior to analyze the efficiency of serum system and provide the concept of automatic exploit patching.en_US
DC.subject攻性防壁zh_TW
DC.subject網路安全zh_TW
DC.subject傀儡網路zh_TW
DC.subject蠕蟲zh_TW
DC.subject血清系統zh_TW
DC.subject血清zh_TW
DC.subject遠端攻擊zh_TW
DC.subject緩衝區溢位zh_TW
DC.subject蠕蟲清除zh_TW
DC.subject蠕蟲治癒zh_TW
DC.subjectattack barrieren_US
DC.subjectbotneten_US
DC.subjectworm curingen_US
DC.subjectbuffer overflowen_US
DC.subjectwormen_US
DC.subjectserum systemen_US
DC.subjectwhite wormen_US
DC.subjectsecurityen_US
DC.subjectremote exploiten_US
DC.title即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統zh_TW
dc.language.isozh-TWzh-TW
DC.titleInfectious Real-time Serum System: Automatic worm curing systemen_US
DC.type博碩士論文zh_TW
DC.typethesisen_US
DC.publisherNational Central Universityen_US

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明