NTU Theses and Dissertations Repository > College of Management > Department of Information Management

Please use this Handle URI to cite this item: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91033

Full metadata record
DC field: value (language)
dc.contributor.advisor: 孫雅麗 (zh_TW)
dc.contributor.advisor: Yea-Li Sun (en)
dc.contributor.author: 陳志剛 (zh_TW)
dc.contributor.author: Zhi-Kang Chen (en)
dc.date.accessioned: 2023-10-24T16:49:21Z
dc.date.available: 2024-08-14
dc.date.copyright: 2023-10-24
dc.date.issued: 2023
dc.date.submitted: 2023-08-11
dc.identifier.citation:
[1] Wajih Ul Hassan, Adam Bates, and Daniel Marino. Tactical provenance analysis for endpoint detection and response systems. In 2020 IEEE Symposium on Security and Privacy (SP), pages 1172–1189, 2020. doi: 10.1109/SP40000.2020.00096.
[2] Jambit GmbH. Linux man page: clone(), 2023-03-30. URL https://man7.org/linux/man-pages/man2/clone.2.html.
[3] Jambit GmbH. Linux man page: system call, 2023-06-24. URL https://man7.org/linux/man-pages/man2/syscalls.2.html.
[4] Zhenyuan Li, Jun Zeng, Yan Chen, and Zhenkai Liang. AttacKG: Constructing technique knowledge graph from cyber threat intelligence reports. In Lecture Notes in Computer Science, pages 589–609, 2022. doi: 10.1007/978-3-031-17140-6_29.
[5] Sadegh M. Milajerdi, Rigel Gjomemo, Birhanu Eshete, R. Sekar, and V.N. Venkatakrishnan. HOLMES: Real-time APT detection through correlation of suspicious information flows. In 2019 IEEE Symposium on Security and Privacy (SP), pages 1137–1152, 2019. doi: 10.1109/SP.2019.00026.
[6] Ori Or-Meir, Nir Nissim, Yuval Elovici, and Lior Rokach. Dynamic malware analysis in the modern era: a state of the art survey. ACM Comput. Surv., Vol. 52, No. 5, Article 88, 2019. doi: 10.1145/3329786.
[7] Zhi-Kang Chen. ChatGPT case study, 2023-08-04. URL https://drive.google.com/drive/folders/1eEZe0ZwsiNfXoIsxm45scLTq5faCat-D?usp=drive_link.
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/91033
dc.description.abstract (zh_TW): The world is currently in an era of information explosion. Information technology has become an indispensable part of human life, and all kinds of information security issues come with it. Among these, malware analysis is a major item, since every kind of security attack relies on the help of malware. Malware behavior is currently analyzed mostly with so-called dynamic analysis: the malware is placed in a sandbox and evidence of its activity is obtained by recording (tracing) its execution; that evidence is usually expressed in a low-level language.

Many security companies produce technical reports on these sandbox traces, but most of the report content is hard to digest. For security managers who need to grasp and communicate threat intelligence, and for non-specialists learning the field, these reports need to be converted into easier-to-understand, semantic (natural-language) malware technical summary reports, which better match actual needs; at present, however, this mostly relies on manual work by security experts and lacks an efficient production method. This thesis aims to solve the problem that such low-level structures and semantics are hard to understand: every detailed step of a System Call Trace is to be semantically converted from low-level language into high-level, human-readable syntax, and then synthesized into an article with the assistance of ChatGPT, so that researchers can quickly understand a malware sample's activity in the most natural way.
dc.description.abstract (en): At present, the world is in an era of information explosion. Information technology has become an indispensable part of human life, and various information security issues follow. Among them, the analysis of malicious programs is a major project, and the various information security attack methods are inseparable from the assistance of malicious programs. At present, so-called dynamic analysis is often used to analyze malicious program behavior: the malicious program is placed in a sandbox, and its activity evidence is obtained by recording (tracing) its execution; that activity evidence is often composed of low-level language.

Many information security companies produce technical reports on these sandbox trace results, but most of the report content is not easy to digest. For information security managers to grasp and transmit threat intelligence, or for ordinary people to learn professional knowledge in the field of information security, these reports need to be converted into easier-to-understand, semantic (written in natural language) malicious program technical summary reports, which are more in line with actual needs. However, most of them rely on information security experts to produce them manually, and there is no efficient way to produce them. The research of this paper mainly hopes to solve the problem that the low-level structural semantics are difficult to understand. It is expected that each detailed step of the System Call Trace will be semantically converted from low-level language into high-level grammar that is easy for humans to read, and integrated into an article with the assistance of ChatGPT, so that researchers can quickly understand the activities of malicious programs in the most natural way.
dc.description.provenance (en): Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2023-10-24T16:49:21Z. No. of bitstreams: 0
dc.description.provenance (en): Made available in DSpace on 2023-10-24T16:49:21Z (GMT). No. of bitstreams: 0
dc.description.tableofcontents:
Acknowledgements i
Abstract (Chinese) iii
Abstract iv
Contents vi
Chapter 1 Introduction 1
1.1 Motivation 1
1.2 Objective 2
Chapter 2 Background & Related Work 3
2.1 Background 3
2.1.1 Execution Trace (System Call Trace) 3
2.1.2 Attack Scenario Graph 4
2.1.2.1 Source Node 4
2.1.2.2 Destination Node 4
2.1.2.3 Edge 6
2.1.2.4 Example 6
2.1.3 Algorithm 7
2.2 Related Work 9
2.2.1 Dynamic Malware Analysis in the Modern Era: A State of the Art Survey 9
2.2.2 HOLMES: Provenance Graph and Audit Logs 9
2.2.3 Tactical Provenance Analysis for Endpoint Detection and Response Systems: Provenance Graph and API Call Logs 10
2.2.4 AttacKG: Constructing Technique Knowledge Graph from Cyber Threat Intelligence Reports 11
Chapter 3 Automated Narrative Essay Generation 13
3.1 System Architect 13
3.2 Issue: ASG Large Scale 14
3.2.1 For Node 14
3.2.2 For Edge 15
3.2.3 Reduction Result 16
3.3 Issue: Low-level Structure and Semantics of System Calls 18
3.4 Solution 18
3.4.1 Malware List of Syscall Steps 19
3.4.2 NL_Synonym Base 20
3.4.3 schema 20
3.4.4 Natural Language (NL) Transformer 21
3.4.4.1 Algorithm 22
3.5 Case Study: Dofloo 24
3.6 Issue: Automated Annotation 25
3.7 Solution: ChatGPT Prompt 26
3.7.1 Discussion 28
3.7.1.1 Version 28
3.7.1.2 Limitation 28
3.7.2 Evaluation Output 28
3.8 Case Study: Gafgyt 29
3.9 Case Study: Darlloz 31
3.10 Case Study: Luabot 32
3.11 Case Study: Kaiten 34
Chapter 4 Conclusion 37
List of Figures 38
List of Tables 40
References 41
dc.language.iso: zh_TW
dc.title: Using Generative AI to Co-author Narrative Texts for Malware Behavior Analysis (zh_TW)
dc.title: Unleashing Malware Analysis and Understanding with Generative AI (en)
dc.type: Thesis
dc.date.schoolyear: 111-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 陳俊良;李育杰;陳孟彰;黃意婷 (zh_TW)
dc.contributor.oralexamcommittee: Jiann-Liang Chen;Yuh-Jye Lee;Meng-Chang Chen;Yi-Ting Huang (en)
dc.subject.keyword: Dynamic Analysis, Attack Scenario Graph, Natural Language Generation (zh_TW)
dc.subject.keyword: Dynamic Analysis, Attack Scenario Graph, Natural Language Generation (en)
dc.relation.page: 42
dc.identifier.doi: 10.6342/NTU202302735
dc.rights.note: Authorized for release (open access worldwide)
dc.date.accepted: 2023-08-12
dc.contributor.author-college: College of Management
dc.contributor.author-dept: Department of Information Management
dc.date.embargo-lift: 2024-08-14
Appears in collections: Department of Information Management

Files in this item:
File: ntu-111-2.pdf; Size: 7.22 MB; Format: Adobe PDF