Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/66475
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 郭斯彥(Sy-Yen Kuo) | |
dc.contributor.author | Shin-Chen Yen | en |
dc.contributor.author | 顏新晨 | zh_TW |
dc.date.accessioned | 2021-06-17T00:37:41Z | - |
dc.date.available | 2013-02-16 | |
dc.date.copyright | 2012-02-16 | |
dc.date.issued | 2012 | |
dc.date.submitted | 2012-01-31 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/66475 | - |
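dc.description.abstract | Among computer software, malicious software exists to undermine computer system security or to steal data. Its infection routes vary with its purpose, with different attacks or propagation methods designed accordingly. In recent years in particular, infection has shifted from simple file-download propagation to actions such as web browsing, where pages embed malicious files or malicious hyperlink sources. Most such malicious links are presented using a scripting language, namely JavaScript, because JavaScript is a common web development language and is also capable of concealing the traces of a malicious link. A web attack carried out through a scripting language ultimately downloads the actual malicious file to the victim host, where it masquerades as an ordinary file under the operating system's monitoring, executes or replicates itself without the knowledge of the user or the anti-virus software, and finally achieves its various malicious goals. A secure browsing environment is generally the joint responsibility of the operating system and the browser. To give users a safe browsing environment, every browser vendor does its utmost to improve the security and performance of its own browser. However, the real security vulnerabilities often lie between the operating system and the browser: instructions that are legitimate within the browser yet harm the security of the operating system, such as overflow attacks. Such vulnerabilities involve behavior that anti-virus software finds difficult to predict and control, and they must be detected by other means. Common anti-virus detection operates at the file-download stage, comparing unknown suspicious programs against a signature database of known virus samples. This approach is often limited by file formats and packing techniques and cannot find all malware; it also has no additional ability to notice malicious behavior on the network, and can only let the malicious file be downloaded to the local machine before finally resisting and defending. This thesis proposes a framework for detecting malicious behavior during web browsing, with the aim of providing users with secure web browsing and malicious file detection, free from the threat of malicious attacks and even viruses. Technically, the framework monitors the scripting language (JavaScript) in browsed content and suspicious files; when the monitored host browses a web page that has been implanted with a malicious attack, it can effectively detect hidden malicious behavior in the page or malicious files that have been packed and morphed. | zh_TW |
dc.description.abstract | Malicious software aims to undermine the security of computer systems or to steal data. Its means of transmission are designed according to its purpose, resulting in different attacks or ways of spreading. In recent years in particular, transmission has shifted from simple file downloads to Internet browsing, where the web pages visited contain malicious files or malicious hyperlink sources. Most malicious links are delivered using JavaScript, because it is a common web development language and is sufficient to hide the link. A malicious web attack that uses JavaScript ends with the actual malicious file being downloaded to the end host, where it is disguised as a normal file under the surveillance of the operating system and finally achieves a variety of malicious purposes. Web browsing security is normally provided and maintained by the operating system together with the browser. To provide users with a safe browsing environment, every browser provider works to enhance its own security and performance. But the real security vulnerabilities often exist in both operating systems and browsers, such as buffer/heap overflows. The behavior of such vulnerabilities is difficult for anti-virus software to predict and control, and must be detected by other means. General anti-virus detection works at the file-download stage, using a signature database of known virus samples to determine whether a file is malware, and has no ability to detect malicious network attacks. It can detect a threat only once the file has been downloaded to the local side, and only then resist and defend. This paper presents a framework for detecting malicious behavior and malicious files during Internet browsing, providing users with secure web browsing. Technically, the architecture monitors the JavaScript and suspicious files in browsed content. When the browser visits web pages infected with malicious attacks, it can effectively detect hidden malicious behavior in the pages or obscured malicious files. | en |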
dc.description.provenance | Made available in DSpace on 2021-06-17T00:37:41Z (GMT). No. of bitstreams: 1 ntu-101-R97943150-1.pdf: 2931701 bytes, checksum: dc108510bdf03a32fd88ed558e7852cc (MD5) Previous issue date: 2012 | en |
dc.description.tableofcontents | Acknowledgements; Abstract (Chinese); Abstract; List of Contents; List of Figures; List of Tables; Chapter 1. Introduction (1.1 Motivation, 1.2 Background, 1.3 Objectives and Organization); Chapter 2. Related Works (2.1 Web-attack, 2.2 Drive-by-download, 2.3 Malvertising, 2.4 Heap spray, 2.5 ShellCode, 2.6 Detection and analysis methods); Chapter 3. Design and Implementation (3.1 System overview, 3.2 Heap Spray detection, 3.3 Signature-based Detection, 3.4 Profiler, 3.5 Holography); Chapter 4. Evaluation (4.1 Accuracy, 4.2 Effectiveness & Efficiency); Chapter 5. Conclusion (5.1 Conclusion); References | |
dc.language.iso | en | |
dc.title | 行為比對感知技術之於網路攻擊漏洞偵測 | zh_TW |
dc.title | Detecting Web Based Attacks Based on Behavior Analysis | en |
dc.type | Thesis | |
dc.date.schoolyear | 100-1 | |
dc.description.degree | Master's | |
dc.contributor.oralexamcommittee | 陳俊良(Jiann-Liang Chen),雷欽隆(Chin-Laung Lei),陳英一(Ing-Yi Chen) | |
dc.subject.keyword | behavior matching, malware analysis, malicious advertisements, malvertising attacks, drive-by download | zh_TW |
dc.subject.keyword | vulnerability, malware analysis, behavioral detection, signature detection, Shell code, Exploit code, Malvertising, Malware | en |
dc.relation.page | 53 | |
dc.rights.note | Paid license | |
dc.date.accepted | 2012-02-01 | |
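dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electronics Engineering | zh_TW |
Appears in collections: | Graduate Institute of Electronics Engineering |
Files in this item:
File | Size | Format | |
---|---|---|---|
ntu-101-1.pdf (not currently authorized for public access) | 2.86 MB | Adobe PDF |
Unless their copyright terms are specifically stated otherwise, all items in the system are protected by copyright, with all rights reserved.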