
The Refinements of Digital Antidote for Bot (殭屍病毒數位解藥之精進)

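Advisor: Wang Ping (王平)

Abstract


Cloud service providers currently face the challenge of identifying and mitigating new types of network threats, the most damaging being the recent Advanced Persistent Threat (APT) attacks that steal customers' sensitive data. To detect the malware used in APT attacks, most administrators rely on antivirus scanning engines to find hidden malicious programs. These engines work by matching virus signatures, but a signature is made up of multiple features, and variants use metamorphic and polymorphic techniques to change or hide part of their behavioral features, so some malware evades antivirus detection or causes false detection reports. To improve this situation, this study uses SandNets analysis to analyze virus features precisely and applies Web Services technology to improve the automated incident-reporting efficiency of the previously developed Digital Antidote (DA) system, reducing the workload of network security management. The system is validated using the production and analysis of a digital antidote for the Zeus virus as an example, together with an APT attack case to illustrate the infection process. The experiments show that the digital antidote in this study can effectively prevent, detect and repair bot infections and remove the network infection threat posed by original or variant viruses, reducing the security threats and risks that viruses pose to an organization's information systems.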

Parallel Abstract


Cloud service providers have recently needed to identify and mitigate new types of network threats, especially APT attacks, which steal private information from their clients. For most APT attacks, managers employ antivirus software to detect malware. However, virus behavior comprises several signatures, and a variant is generally built by altering part of those signatures or hiding them via self-modification or polymorphic techniques, so that the variant can avoid detection. Accordingly, we incorporated the SandNets analysis technique to accurately categorize virus signatures, and refined the digital antidote for bots from a previous study, used for virus immunity, by using Web Services techniques to lower the load of network security management. The model is validated through the production and analysis of a DA (Digital Antidote), accompanied by a case of APT attacks, i.e., Zeus attacks, to simulate the scenario of the virus infection process. Overall, experimental results show that the proposed approach is a useful design for reducing bot threats and effectively provides protection and risk mitigation of information security for organizations.

Keywords

Information security; Bot; Digital antidote; Variant


Cited by


李俊煜 (2015). Construction of an Image Processing Teaching Platform [Master's thesis, National Formosa University]. Airiti Library. https://doi.org/10.6827/NFU.2015.00057
