National Chengchi University Institutional Repository (NCCUR): Item 140.119/110476
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/110476


    Title: Behavior Profiling and Detection of Botnet Malware in a Virtualized Environment (虛擬化環境之殭屍網路惡意程式行為側寫與偵測)
    Authors: 蕭舜文;孫雅麗;陳孟彰
    Contributors: Department of MIS
    Keywords: intrusion detection; behavior profiling; malware; virtual machine; botnet
    Date: 2015-05
    Issue Date: 2017-06-23 17:28:12 (UTC+8)
    Abstract: Botnets have been one of the most sophisticated and popular threats to Internet security, since many cybercrimes are launched by them, e.g., DDoS and spamming. To detect the existence of bot malware, the first step is to understand its behavior. In this research, we take advantage of the virtualized environment and propose a profiling and detection mechanism for bot malware in a virtualized environment. The proposed profiling and detection agent resides in the virtual machine monitor to profile malware execution behavior. The output of the process is the characteristic description of the malware behavior, referred to as the malware profile, which is intended to be used for effective malware detection. Besides passive malware detection, we also propose to use the obtained malware profiles to conduct active fingerprinting to detect malware hidden in unknown compromised computers. The agent sends specific stimuli to a targeted virtual machine to examine whether any expected triggerable behavior is observed. We use 40 real-world malware samples and several benign programs to show that our profiling and detection mechanisms can correctly distinguish bots and benign software with a low false-alarm rate.
    Relation: 前瞻科技與管理, Vol.5, No.1, pp.85-105
    Data Type: article
    DOI link: http://dx.doi.org/10.3966/222014242015050501004
    DOI: 10.3966/222014242015050501004
    Appears in Collections: [Department of MIS] Periodical Articles

    Files in This Item:

    File          Description    Size    Format
    index.html                   0Kb     HTML


    All items in the NCCU Institutional Repository (政大典藏) are protected by copyright, with all rights reserved.

