NCU Institutional Repository - Provides downloads of theses and dissertations, past exam papers, journal articles, research projects, etc.: Item 987654321/48407


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/48407


    Title: none Antivirus Software Shield against Antivirus Terminators
    Authors: 陳介文;Chieh-wen Chen
    Contributors: Graduate Institute of Computer Science and Information Engineering
    Keywords: antivirus software; information security; security
    Date: 2011-07-20
    Issue Date: 2012-01-05 14:53:51 (UTC+8)
    Abstract: For nearly half a century, the battle between information security personnel and hackers has never stopped: attackers keep trying to find more exploitable security vulnerabilities, while security personnel work to protect users' information security. The most common and most basic protective measure is to install antivirus software. If every antivirus user has basic information security knowledge and regularly updates virus signatures, attackers must put considerable effort into avoiding detection by antivirus software when writing malicious programs so that their malware can operate. As a result, malware self-protection mechanisms have gradually taken shape. One common self-protection mechanism is that, once the malware is executed, its first task is to shut down the antivirus software in its operating environment. Once the antivirus software is shut down, the user's protection exists in name only and the attacker can act at will, which poses a great danger to the user's information security. This thesis proposes a protection method against malware that forcibly shuts down antivirus software. We analyzed several virus samples to identify attackers' common attack techniques and, based on these techniques, designed a protection scheme based on SSDT hooking. We provide an effective defense mechanism with very low impact on system performance.

    In recent decades, the arms race between malware writers and system security watchmen has become more and more severe. The simplest way for users to secure their computers is to install antivirus software. As antivirus software becomes more sophisticated and powerful, evading its detection becomes an important part of malware. Without a good approach to bypass detection, malware may be removed by antivirus software before it can carry out any malicious activity. As a result, malware writers have developed various approaches to increase the survivability and stealth of their malware, and many malware self-defense technologies have been implemented. One of these technologies is to disrupt the functionality of security solutions, especially antivirus software. For example, a lot of malware terminates antivirus software right after it is executed. Without the protection of the terminated security tool, an attacker can do anything on the intruded host. In this paper, we propose a mechanism, called ANtivirus Software Shield (ANSS), to prevent antivirus software from being terminated without the knowledge of its users. ANSS uses an SSDT hook to intercept specific Windows APIs and analyzes the calls to filter out hazardous API calls that would maliciously terminate antivirus software. Experimental results show that ANSS can protect antivirus software from being terminated by the malware used in our experiments, with at most 3.5% performance overhead.
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File        Description  Size  Format
    index.html               0Kb   HTML


    All items in NCUIR are protected by copyright, with all rights reserved.
