Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/15279
Title: | Detecting malware in the time sequence of the program API call |
Author: | Yao-Wen Xu 許耀文 |
Advisor: | 雷欽隆 |
Keywords: | malware, time series, application interface, natural language processing |
Publication year: | 2019 |
Degree: | Master's |
Abstract: | The Internet is full of viruses, Trojans, and malware, so users are highly likely to be attacked by them without being aware of it. Many anti-virus, Trojan removal, and malware removal programs are on the market. These tools can block known viruses, Trojans, and malicious programs, but they cannot effectively defend against unknown malware. The software running on each user's computer also differs, so relying entirely on anti-virus scanning to find malware is not easy. Static detection is becoming increasingly difficult because it can be defeated by obfuscation techniques such as encryption, useless code that makes a sample look like a normal program, bypasses, and so on. To overcome this problem, dynamic detection is used: the APIs a program calls are monitored while it runs to determine whether it is malicious.
In this thesis, the application programming interface (API) calls a program makes during execution are the main object of analysis. The APIs a program calls have a time-series relationship, and we use this time sequence to detect malware. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/15279 |
DOI: | 10.6342/NTU202000344 |
Full-text authorization: | Not authorized |
Appears in department: | Department of Electrical Engineering |
Files in this item:
File | Size | Format | |
---|---|---|---|
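ntu-108-1.pdf Not currently authorized for public access | 1.24 MB | Adobe PDF |
All items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.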