博碩士論文 965202036 完整後設資料紀錄

DC 欄位 語言
DC.contributor資訊工程學系zh_TW
DC.creator左昌國zh_TW
DC.creatorChang-kuo Tsoen_US
dc.date.accessioned2009-7-24T07:39:07Z
dc.date.available2009-7-24T07:39:07Z
dc.date.issued2009
dc.identifier.urihttp://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=965202036
dc.contributor.department資訊工程學系zh_TW
DC.description國立中央大學zh_TW
DC.descriptionNational Central Universityen_US
dc.description.abstract在許多人的生活中,隨著網路扮演著越重要的角色,更多的惡意攻擊者為了財產利益改變了最終攻擊目標,從以往對商業或組織的網站或伺服器的攻擊改為攻擊一般使用者的個人電腦。由於終端使用者的電腦已不使用傳統的網路服務以提供攻擊者經由這些服務入侵電腦,網頁形態的攻擊已經成為現今最有效的入侵個人電腦的方式。最近幾年,一種著名的被稱為”Drive-by Downloads”的網頁攻擊機制已經造成了無數個人電腦被安裝惡意程式。攻擊者對有漏洞的網頁伺服器使用一些攻擊方式,例如資料隱碼攻擊(SQL injection),對存放在伺服器上的網頁注入有害的網頁程式碼。除非受害者仔細的檢查網頁原始碼,否則瀏覽這些網頁時並不會有所警覺,因為被注入的網頁程式碼並不會顯現在網頁上。當有漏洞的瀏覽器讀到被注入的網頁程式碼時,它會秘密下載惡意程式並且在背景自動執行那些惡意程式。 本篇論文介紹了一種在瀏覽器端的方法來阻止執行經由Drive-by Downloads所下載下來的執行檔。我們不需要去分析網頁的內容,只會阻擋瀏覽器去執行那些被秘密下載下來的執行檔。目前這個解決方案適用在Windows上的Internet Explorer 7.0以下的瀏覽器,而且造成很低的額外需求,同時也有很低的誤判例外。 zh_TW
dc.description.abstractAs Internet plays an important role for more people in their life, more malicious attackers have changed the targets from web servers of enterprises or organizations to personal computer users by infecting computers with malware or adware for financial gains. In order to compromise the computers of end users which usually don’t provide popular services for traditional infection routine, web-based attack has become an effective method to infect personal computers. In recently years, a notorious web-based attack mechanism, called “drive-by downloads”, makes numbers of hosts infected by malware. Attackers inject malicious contents into webpage stored in vulnerable web server via common attacking techniques like SQL injection. Victims then visit these webpage without alertness because these malicious contents are invisible to them except that they check the source code carefully. When vulnerable browsers read these malicious contests, they secretly download and automatically install harmful binaries in background. This paper introduces a browser-side solution to prevent web browsers from executing binaries downloaded by drive-by downloads. We do not have to analyze the source code of webpage but focus on blocking browsers from executing the binary which has the “secretly download” characteristic. This solution currently works on Internet Explorer 7.0 on Microsoft Windows with low overhead and low false rate. en_US
DC.subject瀏覽器zh_TW
DC.subject遠端程式碼執行zh_TW
DC.subjectbrowsersen_US
DC.subjectremote code executionen_US
DC.title一種在瀏覽器端偵測並阻擋網頁惡意程式的解決方案zh_TW
dc.language.isozh-TWzh-TW
DC.titleA Browser-side Solution to Drive-by-Download-Based Malicious Web Pagesen_US
DC.type博碩士論文zh_TW
DC.typethesisen_US
DC.publisherNational Central Universityen_US

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明