NCU Institutional Repository (theses and dissertations, past exam papers, journal articles, and research projects available for download): Item 987654321/83967


    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/83967


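    Title: COE: Anti-Virus for Fileless Malware
    Author: 蕭登銓; Hsiao, Teng-Chuan
    Contributor: Department of Computer Science and Information Engineering
    Keywords: anti-virus software; fileless attack; dynamic analysis; memory analysis; anti-virus; fileless malware
    Date: 2020-07-23
    Upload time: 2020-09-02 17:47:32 (UTC+8)
    Publisher: National Central University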
    Abstract: Anti-virus software is an important part of information security: it can effectively detect and delete malicious programs. Most traditional anti-virus software relies on static, signature-based analysis to detect viruses. However, against new types of attack, static analysis alone cannot provide protection.
      Traditional attacks first write the malware file to disk and then execute it to carry out its malicious behavior. Fileless malware is not as easily detected as traditional malware: attackers use various techniques to hide the malicious program so that it does not need to be written to disk first and can instead be executed directly in memory, thereby evading detection by anti-virus software.
      Therefore, in this paper we propose a defense mechanism named Check-on-Execute (COE). When a program is about to execute a piece of code in a writable and executable memory region, or an in-memory-only file, COE suspends this unchecked execution and checks its code. It then decides, based on the result of the check, whether to allow the execution, preventing the system from being attacked by fileless malware.
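    Appears in collections: [Graduate Institute of Computer Science and Information Engineering] Master's and Doctoral Theses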
