
    Please use this identifier to cite or link to this item: http://ir.lib.ksu.edu.tw/handle/987654321/18237

    Title: A sandbox-based method for automated malware analysis
    Other Titles: A Sandbox-based approach to automated malware analysis
    Authors: 劉佳琪
    Liu, Jia-Chi
    Contributors: 王平
    Keywords: Information security; Bot; Variant; anti-VM
    Date: 2012
    Issue Date: 2013-02-26 15:12:38 (UTC+8)
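    Abstract: Botnets steal commercial information, causing financial losses for many enterprises and individuals. Previous research found the following new trends in today's malware: (1) it is developed in a modular fashion, (2) modifying or attaching a single module is enough to produce a variant, and (3) it is able to detect virtual environments (anti-VM). This study uses the TRUMAN integrated automated analysis tool for analysis, placing each sample either on a clean operating system (clear OS) or in a virtual machine depending on whether the malware has anti-VM capability, and also uploads it to the CWSandBox sandbox for analysis. Cross-comparing the resulting analysis reports makes it possible to derive precise criteria for the malware's behavioral characteristics. Frequent episode rules are then used to compute their support and confidence, after which they are added to the malware behavior database. Defenders can refer to this database when performing threat analysis, drawing an attack tree from the analyzed attack steps to estimate the degree of threat posed by system vulnerabilities, so that administrators can conveniently analyze the system losses and risks caused by malware infection.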
    Botnet attacks cause serious losses of profit for enterprises and individuals by stealing commercial information. In previous studies analyzing malware signatures, defenders found that some malware had been updated with new features, including (i) modular design, (ii) variants built by altering part of the signature, and (iii) anti-VM capability.
    Accordingly, the present study proposes a new method for analyzing the malware signature problem in botnets through an aggregated TRUMAN system and sandbox technique. In the proposed approach, both a clear OS and a sandbox are used to predict malware behavior by comparing the results of the sandbox and TRUMAN in order to increase precision and accuracy. The ability of our scheme to analyze support and confidence is enhanced by means of frequent episodes.
    A series of case studies for threat analysis is performed to investigate the attack actions required to successfully estimate the threat degree from system vulnerabilities via attack trees. Overall, the results confirm that the proposed method provides an effective means of analyzing the impact loss and its risks from botnet threats.
    Appears in Collections: [Department of Information Management] Theses and Dissertations

    Files in This Item:

    File                      Description   Size     Format
    ksu-101-G990Q004-1.pdf                  3892Kb   Adobe PDF

    All items in KSUIR are protected by copyright, with all rights reserved.

    ©Kun Shan University Library and Information Center