基於機器學習及掃毒檢測的惡意程式封鎖機制

以作者查詢圖書館館藏

、以作者查詢臺灣博碩士

、以作者查詢全國書目

、勘誤回報

、線上人數：61

、訪客IP：3.144.25.212

姓名

張佑菖(Charles Yuchang Chang) 查詢紙本館藏

畢業系所

資訊工程學系在職專班

論文名稱

基於機器學習及掃毒檢測的惡意程式封鎖機制
(An Automatic Malware Blocking Mechanism Based on Machine Learning and Anti-Virus)

相關論文

★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm	★ Discoverer- Rootkit即時偵測系統
★ 一項Android手機上詐騙簡訊的偵測與防禦機制	★ SRA系統防禦ARP欺騙劫持路由器
★ A Solution for Detecting and Defending ARP Spoofing on Virtual Machines	★ 針對遠端緩衝區溢位攻擊之自動化即時反擊系統
★ 即時血清系統: 具攻性防壁之自動化蠕蟲治癒系統	★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks	★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails	★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators	★ MAC-YURI : My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye	★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment

檔案

[Endnote RIS 格式]

[Bibtex 格式]

[相關文章]

[文章引用]

[完整記錄]

[館藏目錄]

至系統瀏覽論文 (2028-6-30以後開放)

摘要(中)

本研究透過機器學習技術結合掃毒檢測，設計出⼀機制能夠有效檢測使用者於HTTPS網站下載的惡意程式並阻擋於外部。本機制所設計的架構可彈性調整部署位置，將惡意程式於外部網路或是隔離區進⾏掃描。本機制之惡意程式檢測⽅法有⼆，MLC 模組可攔截約77%惡意程式，AVS 模組可達100%。另外檢測紅隊各滲透階段常用⼯具，皆能成功攔截。

摘要(英)

In this study, a mechanism is designed to effectively detect malware downloaded from HTTPS websites and block them from outside the network by combining machine learning technology with anti-virus detection. The architecture of this mechanism can be flexibly deployed to scan malware in external network or quarantine area. There are two ways to detect malware in this mechanism, the MLC module can block about 77% of malware and the AVS module can reach 100%. In addition, the Red Team′s common tools for each infiltration stage can be successfully blocked.

關鍵字(中)

★ 惡意程式封鎖機制
★ 機器學習
★ 掃毒檢測

關鍵字(英)

★ Malware Blocking Mechanism
★ Machine Learning
★ Anti-Virus

論文目次

摘要 I
ABSTRACT II
誌謝 III
目錄 IV
圖目錄 VI
表目錄 VII
一、序論 1
1-1 研究動機 1
1-2 研究目的 3
二、相關研究 4
2-1 惡意程式辨識 4
2-1-1 基於機器學習的方法 4
2-1-2 基於類神經網路的方法 5
2-2 惡意程式偵測與防護 6
三、系統設計 7
3-1 系統環境規劃 8
3-2 系統模組 9
3-2-1 Proxy Server, PS 10
3-2-2 Machine Learning Classifier, MLC 11
3-2-3 AntiVirus Scanner,AVS 12
四、實驗評估 13
4-1 實驗評估環境 13
4-2 實驗評估環境配置 13
五、實驗評估執行與結果 15
5-1 HTTP網站直接下載執行檔 15
5-2 HTTPS網站下載執行檔 18
5-3 實驗評估結果 22
六、未來工作與結論 25
6-1 未來工作 25
6-1-1 區域聯防 25
6-1-2 導入MLOps 26
6-2 結論 27
參考文獻 29

參考文獻

[1] B. C. da Rocha, L. P. de Melo, and R. T. de Sousa, "Preventing APT attacks on LAN networks with connected IoT devices using a zero trust based security model," 2021 Workshop on Communication Networks and Power Systems (WCNPS), pp. 1-6, 2021.
[2] "Cyber Kill Chain®." https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html (accessed 2023).
[3] M. Apostol, B. Paliniuc, R. Morar, and F. Vidu, "Malicious Strategy: Watering Hole Attacks," Romanian Cyber Security Journal, 2022.
[4] E. Raff, J. Sylvester, and C. Nicholas, "Learning the PE Header, Malware Detection with Minimal Domain Knowledge," presented at the Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, Dallas, Texas, USA, 2017. [Online]. Available: https://doi.org/10.1145/3128572.3140442.
[5] Hyrum and P. Roth, "EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models," arXiv pre-print server, 2018-04-16 2018, doi: None
[6] H.-D. Pham, T. D. Le, and T. N. Vu, "Static PE Malware Detection Using Gradient Boosting Decision Trees Algorithm," Springer International Publishing, 2018, pp. 228-236.
[7] E. Raff, J. Barker, J. Sylvester, R. Brandon, B. Catanzaro, and C. Nicholas, "Malware Detection by Eating a Whole EXE," arXiv pre-print server, 2017-10-25 2017, doi: None arxiv:1710.09435.
[8] M. Krcál, O. Švec, M. Bálek, and O. Jasek, "Deep Convolutional Malware Classifiers Can Learn from Raw Executables and Labels Only," in International Conference on Learning Representations, 2018.
[9] D. Gibert, C. Mateu, J. Planes, and R. Vicens, "Using convolutional neural networks for classification of malware represented as images," Journal of Computer Virology and Hacking Techniques, vol. 15, no. 1, pp. 15-28, 2019, doi: 10.1007/s11416-018-0323-0.
[10] P. Bagane, S. G. Joseph, A. Singh, A. Shrivastava, B. Prabha, and A. Shrivastava, "Classification of Malware using Deep Learning Techniques," in 2021 9th International Conference on Cyber and IT Service Management (CITSM), Bengkulu, Indonesia, 2021: IEEE, pp. 1-7, doi: 10.1109/citsm52892.2021.9588795. [Online]. Available: https://dx.doi.org/10.1109/citsm52892.2021.9588795
[11] D. Vasan, M. Alazab, S. Wassan, B. Safaei, and Q. Zheng, "Image-Based malware classification using ensemble of CNN architectures (IMCEC)," Computers & Security, vol. 92, p. 101748, 2020, doi: 10.1016/j.cose.2020.101748.
[12] D. Kim, D. Mirsky, A. Majlesi-Kupaei, and R. Barua, "A Hybrid Static Tool to Increase the Usability and Scalability of Dynamic Detection of Malware," 2018: IEEE, doi: 10.1109/malware.2018.8659373. [Online]. Available: https://dx.doi.org/10.1109/malware.2018.8659373
[13] S. Cesare and Y. Xiang, "A Fast Flowgraph Based Classification System for Packed and Polymorphic Malware on the Endhost," in 2010 24th IEEE International Conference on Advanced Information Networking and Applications, 2010: IEEE, doi: 10.1109/aina.2010.121. [Online]. Available: https://dx.doi.org/10.1109/aina.2010.121
[14] R. Thomas, "LIEF - Library to Instrument Executable Formats," 2017 2017. [Online]. Available: https://lief.quarkslab.com/.
[15] c. Wikipedia, "VirusTotal," in Wikipedia, The Free Encyclopedia., ed.
[16] A. K. Srivastava, A. S. Chauhan, S. Gupta, A. K. Gautam, and G. Kaur, "Malware Detection Using Online Information Sharing Platforms and Behavior Based Analysis," 2018.

指導教授

許富皓(Fu-Hau Hsu)

審核日期

2023-7-20

推文