Windows 作業系統之本機異常程式連線偵測

Abstract

長久以來，惡意程式一直是危害個人電腦安全的主要威脅，雖然使用者可以透過安裝防毒軟體或其他類型的防護機制加以保護個人電腦的安全性，可是相關機制一樣會有其不可避免的問題存在。在本研究中，我們提出一種簡單且有效率的方法可以用來偵測 Windows 作業系統中之異常程式連線。 在本論文中，我們先針對現今惡意程式的種類進行探討，接著針對曾經流行過的惡意程式進行案例分析，藉由分析與探討的結果，我們歸納出現今惡意程式所具備的特性。這些特性包括了具有網路連線能力、容易與作業系統產生混淆或偽裝成作業系統元件、不與使用者互動及具自動啟動能力。接著我們以此結果為依據，提出一種可以偵測符合上述條件異常程式的方法，並且將該方法實做為可執行之偵測工具。

For a long time, malware is major threat to personal computer. Even though user can against threat by installing anti-virus software or other protection solutions. But problem always exist. In this research, we propose a scheme that can be used for detect anomaly program connections in Windows. The scheme are ease of use and efficient. In this paper, we first discuss the kind of today’s malware. And then we analysis fewer case, that was populated. After that we modeling today malware’s characters, the characters of today’s malware are including ability to connect to network, can be confused with O.S. Component or malware will pretend it was O.S. Component, and doesn’t interactive with user, finally malware can be auto startup. According to characters above, we propose a scheme that can be used for detect anomaly program connections, and we produce scheme to a tool, that can be used for detect anomaly program connections.