National Chengchi University Institutional Repository (NCCUR): Item 140.119/119754
    Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/119754


    Title: A Study on Exposing Evidences of Malicious Attacks and Features of Malwares Based on Memory Forensics (Chinese title: 基於記憶體鑑識發掘惡意攻擊跡證與惡意程式特徵值之研究)
    Authors: Chuang, Ho-Yang (莊禾暘)
    Contributors: Tso, Ray-Lin (左瑞麟); Chuang, Ho-Yang (莊禾暘)
    Keywords: Memory forensics; Web application vulnerabilities; Linux malware
    Date: 2018
    Issue Date: 2018-08-29 15:55:28 (UTC+8)
    Abstract (translated from the Chinese abstract): The TB-scale DDoS attacks seen so far have drawn most of their large botnets from IoT devices. If attackers used such a botnet to launch a DDoS attack against industrial infrastructure, the damage could be severe. IoT development has now reached its fourth stage, in which existing Web standards are used for communication between devices; this is known as the WoT. The security issues raised by this trend are not limited to IoT devices but also include Web application vulnerabilities. At the same time, anti-forensic techniques such as private browsing mode and self-deleting malware obstruct investigators during an investigation. This study therefore uses memory forensics to examine the attack techniques likely to occur in the WoT era.
    Abstract (English): Currently, most of the DDoS attacks that exceed 1 TB per second are executed from large-scale IoT botnets. If such attacks were aimed at critical industrial infrastructure, they could cause damage to society on an extraordinary scale. The rising threat of DDoS attacks is fueled by the growth of IoT, which has now reached its fourth stage, called the WoT. WoT is a term used to describe approaches, software architectural styles and programming patterns that allow IoT objects to become part of the World Wide Web. As WoT approaches reality, on-device vulnerabilities are no longer the only problem that must be considered in a security assessment; Web application vulnerabilities must be considered as well. Additionally, forensic investigators now encounter new challenges that increase the difficulty of investigation, such as privacy browsers and self-deleting malware. As a potential solution to those challenges, this thesis discusses how memory forensics can be used to identify the cyber-criminal in a WoT crime.
    Description: Master's thesis
    National Chengchi University
    Department of Computer Science
    Student ID: 105753008
    Source URI: http://thesis.lib.nccu.edu.tw/record/#G0105753008
    Data Type: thesis
    DOI: 10.6814/THE.NCCU.CS.010.2018.B02
    Appears in Collections: [Department of Computer Science] Theses

    Files in This Item: 300801.pdf (2524 Kb, Adobe PDF)