    Please use this identifier to cite or link to this item: https://ir.lib.ncu.edu.tw/handle/987654321/106851


    Title: MalPEFinder: Fast and retrospective assessment of data breaches in malware attacks
    Authors: 陳奕明;Liu, Shun-Te;Chen, Yi-Ming
    Contributors: College of Management, Department of Information Management
    Keywords: data breach assessment;malware detection;retrospective detection
    Date: 2012-01-01
    Issue Date: 2026-04-23 13:46:42 (UTC+8)
    Publisher: Hindawi Limited;Chichester, UK: John Wiley & Sons, Ltd
    Abstract: A successful data breach is often caused by malware installed by attackers. In a large‐scale computer environment, it is difficult and costly for information technology managers to identify the victims and to assess the scope of the data breach when a malware attack occurs. Therefore, a quick and retrospective mechanism that can find victims is required. One such technology is Search. However, most search techniques are not designed for searching executable files; indeed, they become worse in identifying malware files because of polymorphism and/or metamorphism. In this paper, we propose a Portable Executable (PE) format file search mechanism, called MalPEFinder. Instead of searching malware files, this mechanism searches the malware‐related files retrospectively. Based on these files and their ownership, MalPEFinder can locate malware files on a large scale quickly. Furthermore, the possibly breached files also can be identified. A MalPEFinder prototype has been implemented on the Hadoop platform in order to perform three functions: (i) searching retrospectively; (ii) protecting evidence against tampering; and (iii) dealing with future data growth. We used 72 malware to evaluate the accuracy and efficiency of our system. The experimental results show that MalPEFinder has a higher detection rate as well as a lower false positive rate than the famous Splunk tool. Copyright © 2011 John Wiley & Sons, Ltd.
    Other Title: Security Comm. Networks
    Publisher: Chichester, UK: John Wiley & Sons, Ltd
    Publication Date: 2012-08
    Source: Security and communication networks, 2012-08, Vol.5 (8), p.899-915
    Copyright: Copyright © 2011 John Wiley & Sons, Ltd.
    Identifier: ISSN: 1939-0114
    Identifier: EISSN: 1939-0122
    Identifier: DOI: 10.1002/sec.390
    Appears in Collections:[Department of Information Management] journal & Dissertation
