博碩士論文 105522110 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:41 、訪客IP:3.231.219.178
姓名 林鈺凱(Yu-Kai Lin)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱
(CIRD: A Solution to Detect Real-time Zero-day Code-Injection Atttacks)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 在眾多的攻擊手法中,Buffer overflow 造成的Code-Injection 攻擊是
一種很嚴重的攻擊方式。因為攻擊者可以任意執行惡意程式碼,可能會
造成memory leak、任意記憶體位置讀寫、最嚴重可以拿到主機控制權。
本篇論文設計了一套偵測Code-Injection 的方式,利用QEMU 和
Linux Kernel 配合,可以即時偵測並且找出在執行檔哪個地方發生
Code-Injection。
摘要(英) In many of attack methods, the Code-Injection attacks is a serious problem that makes attackers can execute malicious code arbitrarily. It may cause memory leak, arbitrarily memory read/write or even taking control on the host machine.
We had designed a method to detect Code-Injection attacks. Using QEMU and Linux Kernel, we can not only detect read-time Code-Injection attacks but also locate functions of Code-Injection vulnerability.
關鍵字(中) ★ 緩衝區溢位
★ 代碼注入
關鍵字(英) ★ Buffer overflow
★ Code-Injection
論文目次 摘要.................................................................................... i
Abstract .............................................................................. ii
誌謝.................................................................................... iii
目錄.................................................................................... iv
圖目錄................................................................................. vi
表目錄................................................................................. vii
第1 章緒論........................................................................ 1
第2 章背景介紹.................................................................. 2
2.1 Linux Process ID ........................................................ 2
2.2 Linux PID 分配機制.................................................... 3
2.3 QEMU TCG IR ......................................................... 4
2.4 Buffer overflow 與Shellcode 攻擊................................... 6
第3 章系統設計.................................................................. 8
3.1 系統架構.................................................................. 8
3.2 執行檔加工............................................................... 9
3.3 Guest OS kernel ......................................................... 11
3.4 QEMU 紀錄Assembly Code ......................................... 13
3.5 偵測Code-Injection 與注入點....................................... 14
第4 章實驗設計與實作......................................................... 15
4.1 測試環境.................................................................. 15
4.2 功能測試.................................................................. 15
4.3 效能測試.................................................................. 16
4.4 CVE 測試................................................................. 17
iv
目錄
第5 章相關研究.................................................................. 18
5.1 Memory Forensics ....................................................... 18
5.2 Convolutional Neural Network ....................................... 18
第6 章討論........................................................................ 19
第7 章總結........................................................................ 20
參考文獻.............................................................................. 21
參考文獻 [1] F. Bellard. (2019). Qemu, [Online]. Available: https://www.qemu.org/ (visited on
07/16/2019).
[2] L. B. Torvalds. (2019). Linux kernel, [Online]. Available: https://www.kernel.org/
(visited on 07/16/2019).
[3] T.-C. Chiueh and F.-H. Hsu, “Rad: A compile-time solution to buffer overflow attacks,”
Proceedings 21st International Conference on Distributed Computing Systems,
Apr. 16, 2001. doi: 10.1109/ICDSC.2001.918971. [Online]. Available: https:
//ieeexplore.ieee.org/abstract/document/918971.
[4] (2019). Cve, [Online]. Available: https://www.exploit-db.com/exploits/17486
(visited on 07/16/2019).
[5] A. Srivastava, “Detecting code injection by cross-validating stack and vad information
in windows physical memory,” 2017 IEEE Conference on Open Systems
(ICOS), Nov. 13, 2017. doi: 10 . 1109 / ICOS . 2017 . 8280279. [Online]. Available:
https://ieeexplore.ieee.org/document/8280279.
[6] Y. Pan, J. An, W. Fan, and W. Huang, “A shellcode detection method based on
dynamic binary instrumentation and convolutional neural network,” ICSCA ’19
Proceedings of the 2019 8th International Conference on Software and Computer
Applications, pp. 462–466, Feb. 19, 2019. doi: 10.1145/3316615.3316731. [Online].
Available: https://dl.acm.org/citation.cfm?id=3316731.
[7] LLVM 開發團隊. (2019). Llvm, [Online]. Available: https://llvm.org/ (visited on
07/16/2019).
指導教授 許富皓(Fu-Hau Hsu) 審核日期 2019-8-20
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明