NCU Institutional Repository: Item 987654321/86549
    Please use this permanent URL to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/86549


    Title: VMDMD: A Solution to Defend a Linux System against VM-detection-based Malware
    Author: 許?方; Hsu, Li-Fang
    Contributor: Department of Computer Science and Information Engineering
    Keywords: VM detection; Linux malware
    Date: 2021-07-27
    Uploaded: 2021-12-07 12:57:40 (UTC+8)
    Publisher: National Central University
    Abstract: For the past half century, given the dominance of the Windows operating system in the personal-computer market, the contest between security researchers and attackers has centred on Windows-based malware. In recent years, with the growth of the IoT (Internet of Things), the Linux operating system, which supports a wide range of hardware architectures, has been deployed on large numbers of small embedded devices, and attackers have gradually turned their attention to it.
    Experience with Windows-based malware shows that, in this cat-and-mouse game between researchers and attackers, malware authors have almost universally added virtual-machine detection (anti-VM, evasive) mechanisms, because analysts routinely examine malware inside virtual machines or sandboxes and the authors want to hinder that analysis as much as possible. Although this is not yet a trend in Linux malware, we expect Linux-based malware to go the same way.
    Because such malware changes its behaviour once it detects that it is running in a virtual machine, this thesis analyses the VM-detection mechanisms that Linux-based malware uses today or is likely to use in the future, and proposes a way to stop malware that carries them, named VMDMD (Virtual Machine Detection-based Malware Defender). When VMDMD detects that a target process is performing VM-detection-like behaviour, it first forks a new process (which we call the FDP, Fake Data Process) and feeds it fake data that makes it appear to be running in a virtual machine, recording that process's execution flow and result. It then resumes the original process with the real data and compares the behaviour of the two; as soon as they differ, it stops the original process.
    Appears in Collections: [Graduate Institute of Computer Science and Information Engineering] Theses and Dissertations

    Files in This Item:

    File         Description   Size   Format   Views
    index.html                 0 KB   HTML     91


    All items in NCUIR are protected by copyright.
