  • Thesis

Motif API Sequence Analysis of Malware Families on the Windows Platform

Malware Family Motif API Sequence Analysis on Windows Platform

Advisor: 孫雅麗

Abstract


This thesis targets malicious programs on the Windows platform, extracting the characteristic behaviors shared within a malware family and identifying the behavioral characteristics that differentiate the variants within a family. First, we define a malware process as an execution sequence of Windows API calls and filter the parameter contents. Next, to compare the processes with one another, we use sequence alignment techniques so that similar segments of the execution sequences are aligned as closely as possible, with gaps or mismatched alignments inserted where they differ; to this end we developed a system based on the Needleman-Wunsch algorithm to perform multiple sequence alignment, producing a data structure, called the stageMatrix, that describes the similarities and differences of each segment in each execution stage among the variants of a family. We then extract the execution stages common to the family, define the APIs that cause system state changes (StateChange_API, SC_API), track the resource contents these SC_APIs use, and visualize their complete usage flow. Finally, as future work, we hope to extend this to comparing characteristics between families.

Abstract (English)


This thesis focuses on malware on the Windows platform, extracting the characteristic behaviors common to a malware family and identifying the characteristic behaviors that differ among the variants of a family. First, we define the execution of a malware process as a sequence of Windows API calls and winnow the parameters in these sequences. Then, in order to compare these sequences, we apply sequence alignment techniques that align similar parts of the execution sequences and insert gaps, or align mismatching parts, where they differ. To this end we develop a multiple sequence alignment system based on the Needleman-Wunsch algorithm. The system produces a data structure, the stageMatrix, that describes the alignment of every segment among the variants of a family. Next, we extract the common execution stages. We define the APIs that may cause system state changes (StateChange_API, SC_API), track the resources these APIs access, and visualize the full access flow. Finally, as future work, we plan to extend the characteristic comparison to multiple families.
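The alignment step described in the abstract, as an added worked example that is not code from the thesis: a pairwise Needleman-Wunsch global alignment of two API-call traces (the building block of the multiple sequence alignment the thesis performs), followed by a run-length segmentation of the aligned columns into match, mismatch and gap segments. The two variant traces, the scoring constants and the flat segment list are constructed assumptions for this example; the thesis's stageMatrix is a richer family-wide structure whose layout the abstract does not give, and parameter winnowing is not shown here.

```python
from typing import Dict, List, Tuple

GAP = "-"  # gap symbol inserted into an aligned sequence

# Constructed sample traces for two hypothetical variants of one family.
# Each element is one Windows API call name; parameters are already winnowed
# away in this simplified example (the thesis keeps filtered parameters too).
VARIANT_A = ["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW", "CreateProcessW"]
VARIANT_B = ["CreateFileW", "WriteFile", "CloseHandle", "RegSetValueExW", "InternetOpenW", "CreateProcessW"]


def needleman_wunsch(a: List[str], b: List[str], match: int = 2,
                     mismatch: int = -1, gap: int = -2) -> Tuple[int, List[str], List[str]]:
    """Global (Needleman-Wunsch) alignment of two API-call sequences.

    Returns the optimal score and both sequences padded with GAP wherever one
    trace contains a call the other lacks. The scoring constants are
    assumptions for this example, not values taken from the thesis.
    """
    n, m = len(a), len(b)
    # score[i][j] = best score for aligning a[:i] with b[:j]
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * gap
    for j in range(1, m + 1):
        score[0][j] = j * gap
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            sub = match if a[i - 1] == b[j - 1] else mismatch
            score[i][j] = max(score[i - 1][j - 1] + sub,  # align a[i-1] with b[j-1]
                              score[i - 1][j] + gap,      # gap in b
                              score[i][j - 1] + gap)      # gap in a

    # Trace back from the bottom-right cell to recover one optimal alignment.
    i, j = n, m
    aligned_a: List[str] = []
    aligned_b: List[str] = []
    while i > 0 or j > 0:
        if i > 0 and j > 0:
            sub = match if a[i - 1] == b[j - 1] else mismatch
            if score[i][j] == score[i - 1][j - 1] + sub:
                aligned_a.append(a[i - 1])
                aligned_b.append(b[j - 1])
                i -= 1
                j -= 1
                continue
        if i > 0 and score[i][j] == score[i - 1][j] + gap:
            aligned_a.append(a[i - 1])
            aligned_b.append(GAP)
            i -= 1
        else:
            aligned_a.append(GAP)
            aligned_b.append(b[j - 1])
            j -= 1
    aligned_a.reverse()
    aligned_b.reverse()
    return score[n][m], aligned_a, aligned_b


def segment_alignment(aligned_a: List[str], aligned_b: List[str]) -> List[Tuple[str, int]]:
    """Collapse aligned columns into consecutive labelled segments.

    Labels: 'match' (same call in both), 'mismatch' (different calls aligned),
    'gap_a' (call present only in B), 'gap_b' (call present only in A).
    This flat list is a simplified stand-in for the thesis's stageMatrix.
    """
    segments: List[Tuple[str, int]] = []
    for x, y in zip(aligned_a, aligned_b):
        if x == GAP:
            label = "gap_a"
        elif y == GAP:
            label = "gap_b"
        elif x == y:
            label = "match"
        else:
            label = "mismatch"
        if segments and segments[-1][0] == label:
            segments[-1] = (label, segments[-1][1] + 1)
        else:
            segments.append((label, 1))
    return segments


def compare_variants(a: List[str], b: List[str]) -> Dict[str, object]:
    """Align two variant traces and report shared calls plus the segment layout."""
    score, al_a, al_b = needleman_wunsch(a, b)
    shared = [x for x, y in zip(al_a, al_b) if x == y]  # common calls, in order
    return {"score": score, "aligned_a": al_a, "aligned_b": al_b,
            "segments": segment_alignment(al_a, al_b), "shared_calls": shared}


if __name__ == "__main__":
    result = compare_variants(VARIANT_A, VARIANT_B)
    for x, y in zip(result["aligned_a"], result["aligned_b"]):
        print(f"{x:16} | {y}")
    print(result["segments"])
```

On the constructed traces the only difference is an extra InternetOpenW call in variant B, so the segmentation yields four matching columns, one gap column, then one more match; the shared-call list is the common execution sequence that the thesis would go on to treat as a candidate common stage.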


Cited by


林劭軒 (2017). Dynamic API Hooking and Execution Sequence Analysis on Android Devices [Master's thesis, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU201700435
