中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/48385
English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42605624      線上人數 : 1306
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/48385


    題名: USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
    作者: 廖世傑;Shih-Chieh Liao
    貢獻者: 資訊工程學系碩士在職專班
    關鍵詞: Malware偵測;DLL Injection;API Hooking;Security;USB蠕蟲;Security;Malware detection;DLL Injection;API Hooking;USB Worm
    日期: 2011-08-22
    上傳時間: 2012-01-05 14:53:07 (UTC+8)
    摘要: 由於USB儲存裝置的普遍與便利,加上Windows作業系統支援autorun的功能,導致USB儲存裝置成為新的蠕蟲傳播方式。有別於以往的蠕蟲直接透過網路進行遠端入侵,USB蠕蟲則是利用被廣泛使用的USB儲存裝置從組織內部進行感染,這種感染方式使得網路防火牆與入侵偵測系統形同虛設,也讓全世界的企業與個人遭受到巨大的損失。 在本篇論文中,我們藉由分析USB蠕蟲感染USB儲存裝置的方式,設計出一套可自我散佈的USB蠕蟲偵測機制 ─ USB Worm Killer (UWK),以解決目前USB蠕蟲的問題。UWK透過DLL Injection與API Hooking的技術,將此機制注入USB儲存裝置裡的autorun.inf所指定執行的可疑行程中,並藉由模擬USB儲存裝置,讓可疑行程誤以為系統中有多個USB儲存裝置存在而嘗試對其寫入autorun.inf與可疑執行檔,一旦可疑行程有上述行為,UWK就會將其判定為USB蠕蟲並中止其執行,以達到防止USB蠕蟲的散佈。 Due to the widespread-use of the USB storage devices and the autorun function provided by Windows OS, the USB storage devices have become the new spread method used by the USB worms. Differentiated from the past worms scanned the computers directly and intruded in them remotely via the Internet, USB worms could utilize the storage devices to infect the internal computers of the organizations. This infection makes the Internet Firewall and the Network Intrusion Detection System work ineffectively, and it also causes the whole-world entrepreneur suffer the severely tremendous losses as well as the individuals. In this paper, we present a self-spread USB worm detection system, USB Worm Killer (UWK), to solve the current problems caused by the USB worms. UWK utilizes the DLL Injection and API Hooking techniques to inject itself into the address space of the process which specified by the autorun.inf. UWK also simulates the USB storage devices and catch the request of writing the autorun.inf and worm itself. Once the above request occur, UWK will determine it as an USB worm and terminate it to avoid the spread of the USB worm.
    顯示於類別:[資訊工程學系碩士在職專班 ] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML890檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明