中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/48385
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 80990/80990 (100%)
Visitors : 42600182      Online Users : 1082
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/48385


    Title: USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
    Authors: 廖世傑;Shih-Chieh Liao
    Contributors: 資訊工程學系碩士在職專班
    Keywords: Malware偵測;DLL Injection;API Hooking;Security;USB蠕蟲;Security;Malware detection;DLL Injection;API Hooking;USB Worm
    Date: 2011-08-22
    Issue Date: 2012-01-05 14:53:07 (UTC+8)
    Abstract: 由於USB儲存裝置的普遍與便利,加上Windows作業系統支援autorun的功能,導致USB儲存裝置成為新的蠕蟲傳播方式。有別於以往的蠕蟲直接透過網路進行遠端入侵,USB蠕蟲則是利用被廣泛使用的USB儲存裝置從組織內部進行感染,這種感染方式使得網路防火牆與入侵偵測系統形同虛設,也讓全世界的企業與個人遭受到巨大的損失。 在本篇論文中,我們藉由分析USB蠕蟲感染USB儲存裝置的方式,設計出一套可自我散佈的USB蠕蟲偵測機制 ─ USB Worm Killer (UWK),以解決目前USB蠕蟲的問題。UWK透過DLL Injection與API Hooking的技術,將此機制注入USB儲存裝置裡的autorun.inf所指定執行的可疑行程中,並藉由模擬USB儲存裝置,讓可疑行程誤以為系統中有多個USB儲存裝置存在而嘗試對其寫入autorun.inf與可疑執行檔,一旦可疑行程有上述行為,UWK就會將其判定為USB蠕蟲並中止其執行,以達到防止USB蠕蟲的散佈。 Due to the widespread-use of the USB storage devices and the autorun function provided by Windows OS, the USB storage devices have become the new spread method used by the USB worms. Differentiated from the past worms scanned the computers directly and intruded in them remotely via the Internet, USB worms could utilize the storage devices to infect the internal computers of the organizations. This infection makes the Internet Firewall and the Network Intrusion Detection System work ineffectively, and it also causes the whole-world entrepreneur suffer the severely tremendous losses as well as the individuals. In this paper, we present a self-spread USB worm detection system, USB Worm Killer (UWK), to solve the current problems caused by the USB worms. UWK utilizes the DLL Injection and API Hooking techniques to inject itself into the address space of the process which specified by the autorun.inf. UWK also simulates the USB storage devices and catch the request of writing the autorun.inf and worm itself. Once the above request occur, UWK will determine it as an USB worm and terminate it to avoid the spread of the USB worm.
    Appears in Collections:[Executive Master of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML890View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明