National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

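Graduate student: 蔡明倫
Graduate student (English name): MIN-LUEN TASI
Thesis title (Chinese): 使用攔截API技術之解毒程式產生器
Thesis title (English): Virus Killer Generator Using Hooking API Technique
Advisor: 賴榮滄
Advisor (English name): Jim Z. C. Lai
Degree: Master's
Institution: Feng Chia University (逢甲大學)
Department: Graduate Institute of Information Engineering
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2004
Academic year of graduation: 92
Language: English
Number of pages: 41
Keywords (Chinese): hooking API; computer virus; virus killer generator; disinfection program; PE virus
Keywords (English): PE virus; hooking API; computer virus; disinfection program; virus killer generator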
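As operating systems have continued to evolve, Windows remains the most widely used system. This means computer viruses need not deal with complex cross-platform issues and can attack and spread by directly targeting the characteristics of Windows. As a result, the number of 32-bit Windows viruses is now multiplying.
The common anti-virus products on the market all loudly claim that their protection rate reaches 100%, yet in practice our computers are still easily attacked by unknown viruses, and in some cases anti-virus software cannot disinfect infected files. Users therefore often have to go to a specific website after their computer has been infected, find the relevant disinfection program, download it to their computer, and run it. At present, however, producing a disinfection program depends on experienced engineers writing it; in general this takes 2 to 3 hours or even longer, so the process consumes a considerable amount of labor and time.
In this thesis, to solve these problems effectively, we use the hooking API technique to develop a disinfection program generator. Our aim is for the system to automatically generate the corresponding disinfection program for known and unknown Win32 PE viruses.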
From DOS to the current Windows 2000/XP, the Windows system is still the most popular platform. With the number of system holes increasing and programming languages advancing, writing a Windows virus is not as hard as most people think. Therefore, the number of 32-bit Windows viruses is on the rise, especially Win32 PE viruses.
At present, much anti-virus software is not effective enough at protecting users from virus attacks, so our computers are easily infected with new viruses. In addition, some anti-virus software cannot remove certain viruses, so the user has to make an effort to look for a remover for that particular virus. Likewise, developing a disinfection program takes much time and many experienced engineers.
In this paper, we implemented a virus killer generator using the hooking API technique to solve the above-mentioned problems. That is, our system automatically generates the disinfection program for known or unknown Win32 PE viruses.
Acknowledgements
Chinese Abstract
Abstract
Table of Contents
List of Figures
Chapter 1 Introduction
1.1 Background
1.2 Motivation
1.3 The Fundamental Concept of Disinfection Program
1.4 Thesis Organization
Chapter 2 Related Works
2.1 Hooking API Technique
2.2 Codeword-based virus detection
2.3 PE File Infection
2.4 File Integrity Check
2.5 System File Checker
Chapter 3 System Architecture
3.1 System Architecture
3.2 The Explicit Linking Problem
3.3 Analyzing Hooked Virus Behaviors
3.4 Producing Disinfection Programs
3.5 The Disinfection Process
Chapter 4 Experimental Results
4.1 System Implement
4.2 Experimental Design and Environment
4.3 Result Analysis
Chapter 5 Concluding Remarks
References