請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/66475
標題: | 行為比對感知技術之於網路攻擊漏洞偵測 Detecting Web Based Attacks Based on Behavior Analysis |
作者: | Shin-Chen Yen 顏新晨 |
指導教授: | 郭斯彥(Sy-Yen Kuo) |
關鍵字: | 行為比對,惡意程式分析,惡意廣告,惡意廣告攻擊,掛馬, vulnerability,malware analysis,behavioral detection,signature detection,Shell code,Exploit code,Malvertising,Malware, |
出版年 : | 2012 |
學位: | 碩士 |
摘要: | 電腦軟體中,惡意程式(Malicious software)存在目的為破壞電腦系統安全;或是竊取資料。其傳染途徑也因不同的目的因而設計不同的攻擊或傳播,尤其近年傳染途徑已由以往單純的檔案下載傳播,轉變為藉由網路瀏覽等行為,其中常見的等瀏覽動作,其中內嵌惡意程式檔案或惡意的超連結來源,這樣大多數的惡意連結,常使用腳本語言;也就是所謂的JavaScript語言來做為呈現惡意連結的手段,因為JavaScript語言是常見的網頁開發語言,同時足以隱匿惡意連結的蹤跡。利用腳本語言達到的網路惡意攻擊,最後會下載真正的惡意檔案於被攻擊端,並在作業系統的監視下偽裝成一般檔案,在使用者與防毒軟體不知情的情況下執行或自我複製,最後達成種種的惡意目的。網路瀏覽安全環境,一般是由作業系統與瀏覽器共同負責與維護,為了要提供使用者安全瀏覽的環境,各家瀏覽器提供者無不用其極的提申自身瀏覽器安全與效能,但真正的安全漏洞往往同時存在於作業系統與瀏覽器之間,也就是在瀏覽器合法的指令,但卻傷害作業系統的安全;如溢位攻擊。而這樣的漏洞,是防毒軟體難以預測與掌握的行為,必須用其他手段加以偵測。普遍的防毒軟體偵測技術,是在檔案下載的階段,利用已知樣本病毒的特徵資料庫,比對未知可疑程式。而這樣的偵測方式,除了常受限於檔案格式與加殼技術的限制,並無法完全發現惡意軟體,同時針對網路的惡意行為,並無額外的能力察覺,只能任憑惡意檔案下載至本機端,最後才抵抗與防禦。本篇文獻欲提出一個網路瀏覽下惡意行為的偵測架構,目的在提供使用者安全的網路瀏覽案全與惡意檔案偵測,免除被惡意攻擊甚至是病毒的威脅。技術上,本架構提供監控瀏覽內容之腳本語言(JavaScript)與可疑檔案,當監控端瀏覽被植入惡意攻擊的網頁時,能夠有效偵測瀏覽網頁中隱藏性的惡意行為或加殼變形後的惡意檔案。 In computer software, malicious software aimed at undermining computer systems security, or steal data. Transmission is also designed for different purposes and therefore a different attack or spread. In particular, transmission in recent years has been a simple file download spread into the act by Internet browsing. Web surfing web page containing malicious files or malicious hyperlink source. Most of the JavaScript commonly used malicious links. Because that is a common web development languages and enough to hide the link. JavaScript to use the network of malicious attacks, the last truly malicious file is downloaded to the end-host. Under the surveillance of the operating system disguised as a normal file .Finally reached a variety of malicious purposes. Web browser security is normally provided by the operating system and browser with maintenance. In order to provide users with safe browsing environment , as each browser providers to enhance their own security and performance. But the real security vulnerabilities often exist in operating systems and browsers. , such as buffer/Heap overflow . This vulnerability is anti-virus software is difficult to predict and control behavior, must be detected by other means. General anti-virus software detection technology is the stage of downloading the file, using the known sample of the virus signature database to determine whether it is malware, and they had no ability to detect malicious network attacks. Only in the file download to be able to detect when the local side , and finally the resistance and defense. This paper presents a framework for detecting Internet browsing malicious behavior and malicious files, such as providing users a secure Web browsing security. Technically, this architecture provides monitor to browse the contents of the Javascript and suspicious files. When the browser is infected with malicious attacks on web pages, web pages can effectively detect hidden malicious behavior or obscure the malicious file. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/66475 |
全文授權: | 有償授權 |
顯示於系所單位: | 電子工程學研究所 |
文件中的檔案:
檔案 | 大小 | 格式 | |
---|---|---|---|
ntu-101-1.pdf 目前未授權公開取用 | 2.86 MB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。