Please use this permanent URL to cite or link to this document:
https://ir.lib.ncu.edu.tw/handle/987654321/106851
| Title: | MalPEFinder: Fast and retrospective assessment of data breaches in malware attacks |
| Authors: | 陳奕明; Liu, Shun-Te; Chen, Yi-Ming |
| Contributor: | Department of Information Management, School of Management |
| Keywords: | data breach assessment; malware detection; retrospective detection |
| Date: | 2012-01-01 |
| Upload time: | 2026-04-23 13:46:42 (UTC+8) |
| Publisher: | Hindawi Limited; Chichester, UK: John Wiley & Sons, Ltd |
| Abstract: | A successful data breach is often caused by malware installed by attackers. In a large‐scale computer environment, it is difficult and costly for information technology managers to identify the victims and to assess the scope of the data breach when a malware attack occurs. Therefore, a quick and retrospective mechanism that can find victims is required. One such technology is Search. However, most search techniques are not designed for searching executable files; indeed, they become worse in identifying malware files because of polymorphism and/or metamorphism. In this paper, we propose a portable executable format file search mechanism, called MalPEFinder. Instead of searching malware files, this mechanism searches the malware‐related files retrospectively. Based on these files and their ownership, MalPEFinder can locate malware files on a large scale quickly. Furthermore, the possibly breached files also can be identified. A MalPEFinder prototype has been implemented on the Hadoop platform in order to perform three functions: (i) searching retrospectively; (ii) protecting evidence against tampering; and (iii) dealing with future data growth. We used 72 malware to evaluate the accuracy and efficiency of our system. The experimental results show that MalPEFinder has a higher detection rate as well as a lower false positive rate than the famous Splunk tool. Copyright © 2011 John Wiley & Sons, Ltd. This paper proposes a Portable Executable (PE)‐format file search mechanism, called MalPEFinder. Instead of searching malware files, this mechanism searches the malware‐related files retrospectively. With these files and their ownership, MalPEFinder can locate malware files on a large scale quickly. We used 72 malware to evaluate the accuracy and efficiency of our system. The experimental results show that MalPEFinder has a higher detection rate as well as a lower false positive rate than the famous SPLUNK tool. |
| Other title: | Security Comm. Networks |
| Publication date: | 2012-08 |
| Source: | Security and communication networks, 2012-08, Vol.5 (8), p.899-915 |
| Copyright: | Copyright © 2011 John Wiley & Sons, Ltd. |
| Identifier: | ISSN: 1939-0114 |
| Identifier: | EISSN: 1939-0122 |
| Identifier: | DOI: 10.1002/sec.390 |
| Appears in collections: | [Department of Information Management] Journal Articles |
Files in this item:
| File | Description | Size | Format | Views |
| index.html | | 0Kb | HTML | 10 |
All items in NCUIR are protected by original copyright.