NCU Institutional Repository (theses, past exam papers, journal articles, research projects): Item 987654321/49019

Permanent URL (use this to cite or link to the item): http://ir.lib.ncu.edu.tw/handle/987654321/49019


Title: Using Aggregation Technology to Improve System Call Based Malware Behavior Detection (以聚合技術改善系統呼叫為基礎之惡意程式行為偵測)
Author: Chien-Fu Peng (彭建福)
Contributor: Graduate Institute of Information Management (資訊管理研究所)
Keywords: survival intent; behavioral detection of malware; system call; self-replication
Date: 2011-08-25
Uploaded: 2012-01-05 15:13:21 (UTC+8)
Abstract: Malware is software written with intent to attack computer systems. The sharp growth in the number of malware samples in recent years, together with self-protection techniques such as polymorphism, obfuscation and packing, limits what traditional static analysis can achieve, so much current research has turned to behavioral (dynamic) malware detection. Most previous behavioral-detection work, however, is process-centric: it monitors the behavior of a single process and ignores the possibility that malware splits its work across several cooperating processes, or even drives legitimate processes to mask its own malicious behavior. This thesis proposes a dependency structure matrix that records the dependency relations among all processes in the system, together with an algorithm that detects behavioral signatures, namely self-replication and survival intent, that several processes produce jointly. Correlating every process in the system in this aggregated, multi-module way closes a blind spot of traditional behavioral detection. For evaluation, malware samples were executed in a virtual machine, the behavior of every module in the system was recorded with Microsoft's Process Monitor, and aggregation was then applied to the recorded trace to decide whether self-replication or survival-intent signatures were present. Of the 140 malware samples tested, 11% complete their self-replication through multiple modules; the approaches of J.A. Mories and V. Skormin produce a false negative for that class, whereas the aggregated detection proposed here detects it. For survival-intent detection, the approach also removes the whitelist that earlier work needed to suppress false positives, reducing the false-positive rate.
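The following is an added illustration of the aggregation idea, written for this page; it is not the thesis's implementation. It parses a constructed, simplified Process Monitor-style CSV (no real capture, and the "Time of Day" column is omitted), builds the process dependency matrix from Process Create events, clusters related processes, and then applies two simplified rules that are assumptions rather than the thesis's algorithm: a read of a cluster member's own image followed by a write of the same length to another path counts as a dropped copy (self-replication), and a Run-key value counts as survival intent only when it points at the cluster's own image or at a file the cluster dropped. Run with `aggregate=False` the same rules see each process alone and miss the dropper/helper pair, which is the false negative the abstract attributes to process-centric detection; the benign installer's Run key is not flagged without any whitelist.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed, simplified Process Monitor-style export (rows already in chronological
# order). NOT a real capture. PID 100 (dropper.exe) spawns PID 200 (helper.exe); helper
# reads the dropper's image, writes a same-sized file into C:\Windows and registers it
# under a Run key. PID 300 (setup.exe) is an unrelated installer that registers a program
# it did not write, which a bare "Run key => malicious" rule would flag without a whitelist.
SAMPLE_LOG = r'''"Process Name","PID","Operation","Path","Result","Detail"
"dropper.exe","100","Load Image","C:\Users\u\dropper.exe","SUCCESS","Image Base: 0x400000, Image Size: 0x6000"
"dropper.exe","100","Process Create","C:\Users\u\helper.exe","SUCCESS","PID: 200, Command line: C:\Users\u\helper.exe"
"helper.exe","200","ReadFile","C:\Users\u\dropper.exe","SUCCESS","Offset: 0, Length: 24,576"
"helper.exe","200","WriteFile","C:\Windows\svchost32.exe","SUCCESS","Offset: 0, Length: 24,576"
"helper.exe","200","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost32","SUCCESS","Type: REG_SZ, Length: 46, Data: C:\Windows\svchost32.exe"
"setup.exe","300","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 60, Data: C:\Program Files\Vendor\updater.exe"
'''

RUN_KEY = "\\currentversion\\run\\"  # matches HKCU and HKLM Run keys (case-folded)


def parse_log(text):
    """Parse the CSV export into a list of row dicts with integer PIDs."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["PID"] = int(r["PID"])
    return rows


def build_dependency_matrix(rows):
    """Dependency matrix as a symmetric adjacency dict (matrix[a][b] is True when a
    created b or vice versa) plus each PID's image path, taken from Process Create for
    children and from the first Load Image event for a process's own executable."""
    matrix = defaultdict(dict)
    image_of = {}
    for r in rows:
        pid = r["PID"]
        if r["Operation"] == "Process Create":
            child = int(re.search(r"PID:\s*(\d+)", r["Detail"]).group(1))
            matrix[pid][child] = matrix[child][pid] = True
            image_of[child] = r["Path"]
        elif r["Operation"] == "Load Image" and pid not in image_of:
            image_of[pid] = r["Path"]
    return matrix, image_of


def clusters(matrix, pids):
    """Connected components of the dependency matrix; each is one aggregated module set."""
    seen, out = set(), []
    for p in sorted(pids):
        if p in seen:
            continue
        comp, stack = set(), [p]
        while stack:
            q = stack.pop()
            if q in comp:
                continue
            comp.add(q)
            stack.extend(matrix.get(q, {}))
        seen |= comp
        out.append(comp)
    return out


def length_of(detail):
    """Extract the 'Length: 24,576' value from a ReadFile/WriteFile Detail field."""
    m = re.search(r"Length:\s*([\d,]+)", detail)
    return int(m.group(1).replace(",", "")) if m else None


def detect(rows, aggregate=True):
    """Return findings as dicts {finding, pids, target}. With aggregate=False every
    process is its own cluster, i.e. the process-centric view of the earlier work."""
    matrix, image_of = build_dependency_matrix(rows)
    pids = {r["PID"] for r in rows}
    groups = clusters(matrix, pids) if aggregate else [{p} for p in sorted(pids)]
    findings = []
    for g in groups:
        images = {image_of[p].lower() for p in g if p in image_of}
        read_lengths, dropped = set(), set()
        for r in (x for x in rows if x["PID"] in g):
            op, path, detail = r["Operation"], r["Path"].lower(), r["Detail"]
            if op == "ReadFile" and path in images:
                read_lengths.add(length_of(detail))          # a member read its own image
            elif op == "WriteFile" and path not in images and length_of(detail) in read_lengths:
                dropped.add(path)                            # same-length copy elsewhere (heuristic)
            elif op == "RegSetValue" and RUN_KEY in path:
                m = re.search(r"Data:\s*(.+)$", detail)
                target = m.group(1).strip().lower() if m else ""
                if target in images or target in dropped:    # persistence of the cluster's own code
                    findings.append({"finding": "survival-intent", "pids": tuple(sorted(g)), "target": target})
        for path in sorted(dropped):
            findings.append({"finding": "self-replication", "pids": tuple(sorted(g)), "target": path})
    return findings


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print("aggregated:", detect(rows, aggregate=True))
    print("per-process:", detect(rows, aggregate=False))
```

The same-length heuristic stands in for whatever content comparison a real detector would do; the point of the example is that the ReadFile on dropper.exe and the WriteFile on svchost32.exe are issued by different processes, so only a view that joins them through the dependency matrix can attribute the copy to the malware as a whole.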
Appears in collection: [Graduate Institute of Information Management] Master's and doctoral theses

Files in this item:

File: index.html | Description: (none) | Size: 0 KB | Format: HTML | Views: 756 | View/Open


All items in NCUIR are protected by the original copyright.


Copyright National Central University Library (國立中央大學圖書館版權所有). Site established 2009-08-24.
DSpace Software Copyright © 2002-2004 MIT & Hewlett-Packard / Enhanced by NTU Library IR team. Privacy policy statement.