NCCU Institutional Repository - National Chengchi University Institutional Repository (NCCUR): Item 140.119/110476
    Please use this permanent URL to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/110476


    Title: Behavior Profiling and Detection of Botnet Malware in a Virtualized Environment
    Authors: 蕭舜文; 孫雅麗; 陳孟彰
    Contributor: Department of Management Information Systems
    Keywords: intrusion detection; behavior profiling; malware; virtual machine; botnet
    Date: 2015-05
    Upload time: 2017-06-23 17:28:12 (UTC+8)
    Abstract: Botnets are currently a major focus of security defense because they are frequently used for large-scale network attacks such as DDoS and spam; to detect botnet malware, understanding the malware's behavior is therefore the first step. In this study, we use a virtualized environment to propose a mechanism for profiling and detecting botnet malware. The agent we designed is placed in the virtual machine monitor to profile malware inside a virtual machine; once analyzed, the resulting behavior profile can be used to check whether other virtual machines show similar signs of infection. In addition to this passive, observation-based detection, this study also proposes an active detection method: by analyzing the profiled behavior, the agent can actively issue special stimulus events to test whether a virtual machine under test has been infected. We use 40 real-world malware samples as experimental samples and cross-analyze them with benign programs in order to accurately distinguish the malware of each family from benign programs.

    Botnets have been one of the most sophisticated and popular threats to Internet security, since many cybercrimes have been launched by them, e.g., DDoS and spamming. To detect the existence of bot malware, the first step is to understand its behavior. In this research, we take advantage of the virtualized environment and propose a profiling and detection mechanism for bot malware in a virtualized environment. The proposed profiling and detection agent lies in the virtual machine monitor to profile a malware's execution behavior. The output of the process is a characteristic description of the malware's behavior, referred to as the malware profile, which is intended to be used for effective malware detection. Besides passive malware detection, we also propose to use the obtained malware profiles to conduct active fingerprinting to detect malware hidden in unknown compromised computers. The agent sends a specific stimulus to a targeted virtual machine to examine whether any expected triggerable behavior is observed. We use 40 real-world malware samples and several benign programs to show that our profiling and detection mechanisms can correctly distinguish bots and benign software with a low false alarm rate.
    Relation: 前瞻科技與管理, Vol.5, No.1, pp.85-105
    Type: article
    DOI link: http://dx.doi.org/10.3966/222014242015050501004
    DOI: 10.3966/222014242015050501004
    Appears in collections: [Department of Management Information Systems] Journal Articles



    All items in the NCCU Institutional Repository are protected by the original copyright.



    Copyright Announcement
    1. The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

    2. NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff (nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.