博碩士論文 965202036 詳細資訊




以作者查詢圖書館館藏 以作者查詢臺灣博碩士 以作者查詢全國書目 勘誤回報 、線上人數:16 、訪客IP:3.80.218.53
姓名 左昌國(Chang-kuo Tso)  查詢紙本館藏   畢業系所 資訊工程學系
論文名稱 一種在瀏覽器端偵測並阻擋網頁惡意程式的解決方案
(A Browser-side Solution to Drive-by-Download-Based Malicious Web Pages)
相關論文
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制★ SRA系統防禦ARP欺騙劫持路由器
★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI : My ACcount, YoUr ResponsIbility★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment★ PrivacyGuard:A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
檔案 [Endnote RIS 格式]    [Bibtex 格式]    [相關文章]   [文章引用]   [完整記錄]   [館藏目錄]   [檢視]  [下載]
  1. 本電子論文使用權限為同意立即開放。
  2. 已達開放權限電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。
  3. 請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。

摘要(中) 在許多人的生活中,隨著網路扮演著越重要的角色,更多的惡意攻擊者為了財產利益改變了最終攻擊目標,從以往對商業或組織的網站或伺服器的攻擊改為攻擊一般使用者的個人電腦。由於終端使用者的電腦已不使用傳統的網路服務以提供攻擊者經由這些服務入侵電腦,網頁形態的攻擊已經成為現今最有效的入侵個人電腦的方式。最近幾年,一種著名的被稱為”Drive-by Downloads”的網頁攻擊機制已經造成了無數個人電腦被安裝惡意程式。攻擊者對有漏洞的網頁伺服器使用一些攻擊方式,例如資料隱碼攻擊(SQL injection),對存放在伺服器上的網頁注入有害的網頁程式碼。除非受害者仔細的檢查網頁原始碼,否則瀏覽這些網頁時並不會有所警覺,因為被注入的網頁程式碼並不會顯現在網頁上。當有漏洞的瀏覽器讀到被注入的網頁程式碼時,它會秘密下載惡意程式並且在背景自動執行那些惡意程式。
本篇論文介紹了一種在瀏覽器端的方法來阻止執行經由Drive-by Downloads所下載下來的執行檔。我們不需要去分析網頁的內容,只會阻擋瀏覽器去執行那些被秘密下載下來的執行檔。目前這個解決方案適用在Windows上的Internet Explorer 7.0以下的瀏覽器,而且造成很低的額外需求,同時也有很低的誤判例外。
摘要(英) As Internet plays an important role for more people in their life, more malicious attackers have changed the targets from web servers of enterprises or organizations to personal computer users by infecting computers with malware or adware for financial gains. In order to compromise the computers of end users which usually don’t provide popular services for traditional infection routine, web-based attack has become an effective method to infect personal computers. In recently years, a notorious web-based attack mechanism, called “drive-by downloads”, makes numbers of hosts infected by malware. Attackers inject malicious contents into webpage stored in vulnerable web server via common attacking techniques like SQL injection. Victims then visit these webpage without alertness because these malicious contents are invisible to them except that they check the source code carefully. When vulnerable browsers read these malicious contests, they secretly download and automatically install harmful binaries in background.
This paper introduces a browser-side solution to prevent web browsers from executing binaries downloaded by drive-by downloads. We do not have to analyze the source code of webpage but focus on blocking browsers from executing the binary which has the “secretly download” characteristic. This solution currently works on Internet Explorer 7.0 on Microsoft Windows with low overhead and low false rate.
關鍵字(中) ★ 瀏覽器
★ 遠端程式碼執行
關鍵字(英) ★ browsers
★ remote code execution
論文目次 摘 要 i
ABSTRACT ii
誌 謝 iii
目 錄 iv
圖 目 錄 vi
表 目 錄 vii
第一章 緒論 1
第二章 背景介紹 4
2-1 Drive-by Downloads 4
2-2 瀏覽器安全相關議題 6
2-2-1 Internet Explorer 6
2-2-2 ActiveX控制項 6
2-3 Internet Explorer一般執行流程 8
2-3-1 下載檔案 9
2-3-2 執行檔案 9
2-3-3 瀏覽網頁事件 10
2-4 Browser Help Objects 10
2-5 API Hooking和Detours Library 11
第三章 架構 14
3-1 解決方案之原理 14
3-1-1 區分 14
3-1-2 特徵取得 14
3-2 解決方案的架構 15
3-2-1 全覽 15
3-2-2 分類階段 16
3-2-3 執行階段 18
第四章 效能評估 19
4-1 效果 19
4-1-1 攻擊測試 19
4-1-2 誤判(False Positive) 21
4-2 執行效率 21
4-2-1 空間 21
4-2-2 時間 22
第五章 相關研究 25
5-1 網頁信用評等 25
5-2 網頁分析 25
5-3 Heap Spraying防禦機制 25
第六章 未來工作與總結 26
6-1 Future Work 26
6-2 總結 26
第七章 參考文獻 27
參考文獻 [1] X-Force 2008 Annual Report, http://www-935.ibm.com/services/us/iss/xforce/
[2] N. Provos, D. McNamee, P. Mavrommatis, K. Wang and N. Modadugu, " The Ghost In The Browser: Analysis of Web-based Malware", In Proceedings of the first USENIX workshop on hot topics in Botnets (HotBots’07). (April 007).
[3] N. Provos, P. Mavrommatis, M. Rajab and F. Monrose, "All Your iFRAMEs Point to Us", In 17th USENIX Security Symposium, pp. 1–15, 2008
[4] M. Polychronakis, P. Mavrommatis and N. Provos, "Ghost turns Zombie: Exploring the Life Cycle of Web-based Malware". In Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (April 00 ).
[5] Norton Safe Web, http://safeweb.norton.com/
[6] McAFee SiteAdvisor, http://www.siteadvisor.com/
[7] Trend Micro’s TrendProtect, http://www.trendsecure.com/portal/en-US/tools/security_tools/trendprotect
[8] P. Ratanaworabhan, B. Livshits and B. Zorn, "Nozzle: A Defense Against Heap-spraying Code Injection Attacks", Microsoft Research Technical Report MSR-TR-2008-176
[9] Microsoft Security Research & Defense, http://blogs.technet.com/srd/archive/2008/02/06/The-Kill_2D00_Bit-FAQ_3A00_-Part-1-of-3.aspx
[10] R. Repasi and S. Clausen, "Providing a Rating for a Web Site Based on Weighted User Feedback”, United States Patent Application Publication, US 2007/0271246
[11] Security Policy Settings on Windows Vista, http://technet.microsoft.com/en-us/library/cc722034(WS.10).aspx
[12] NetApplications Company News (December 1, 2008), http://www.netapplications.com/newsarticle.aspx?nid=45
[13] National Vulnerability Database, http://nvd.nist.gov/
[14] The Component Object Model: A Technical Overview, http://msdn.microsoft.com/en-us/library/ms809980.aspx
[15] Detours, http://research.microsoft.com/en-us/projects/detours/
[16] Abhishek Singh, “Portable Executable File Format”, Identifying Malicious Code Through Reverse Engineering, Advances in Information Security, Springer US
[17] Named Pipes, http://msdn.microsoft.com/en-us/library/aa365590(VS.85).aspx
指導教授 許富皓(Fu-hau Hsu) 審核日期 2009-7-24
推文 facebook   plurk   twitter   funp   google   live   udn   HD   myshare   reddit   netvibes   friend   youpush   delicious   baidu   
網路書籤 Google bookmarks   del.icio.us   hemidemi   myshare   

若有論文相關問題,請聯絡國立中央大學圖書館推廣服務組 TEL:(03)422-7151轉57407,或E-mail聯絡  - 隱私權政策聲明