
Design and Implementation of a Real-Time System for Correlating and Identifying Suspicious Malware-Related Files

Pirus : A Real-Time Framework for Suspicious Entities Correlation and Discrimination for Malware Identification

Advisor: 郭斯彥

Abstract


This thesis presents a system, Pirus, which requires no virus signatures and can report, in real time, the files on a system that have been infected by malware. In general, although malware can be removed by commercial software, the related malicious components (for example, the instigator) are often not removed at the same time, so the malware may regenerate and continue to steal confidential information or leave the information system exposed and insecure. This thesis presents an algorithm that generates an infection graph to correlate malware with its related components; beyond enabling the complete removal of a single piece of malware, the infection graph can also be used to detect and remove other malware, based on the system files that different malware on the same system share. The experimental results show that, when the list of malicious files found is compared with that produced by commercial antivirus software, the implemented system finds more malicious files than the commercial products for both known and unknown malware.

English Abstract


This thesis presents a real-time system, Pirus, that lists all the malicious components of a given malware sample without the need for any virus definition file. Although malware can now be detected and removed by commercial tools, the related malicious components (e.g., the instigator) may not be detected, so the malware continues to steal user privacy and leaves information systems insecure. This thesis presents an infection graph generation algorithm to correlate malware with its related malicious components. The system can also detect other malware based on the malicious components shared between malware. Finally, the experimental results show that Pirus detected more malicious files than commercial tools for both known and unknown malware.
