National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Detailed Record

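Graduate student: 張峻賓
Graduate student (English): Chun-Pin Chang
Thesis title: 惡意性電子郵件病毒誤用偵測之研究
Thesis title (English): Misuse detection of new malicious Email viruses
Advisor: 施東河
Advisor (English): Dong-Her Shih
Degree: Master's
Institution: National Yunlin University of Science and Technology
Department: Master's Program, Department of Information Management
Discipline: Computing
Sub-discipline: General computing
Thesis type: Academic thesis
Year of publication: 2004
Academic year of graduation: 92
Language: Chinese
Number of pages: 89
Chinese keywords (translated): email virus detection; self-organizing maps; k-medoids; k-mean; network security; misuse detection
English keywords: self-organizing maps; network security; k-medoids; email virus detection; misuse detection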
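Malicious emails carrying attachments are a major threat to information security today. An email virus is an email that can replicate itself and hide inside an email, then infect other programs as the mail is delivered; when an infected email is opened, the email virus spreads and infects other systems. In today's society, people rely more and more on email to pass messages and exchange information. The new detection method proposed in this study analyzes what behavioral features known email viruses exhibit, rather than predicting the possible attack behavior of unknown email viruses. Our method mainly analyzes the static behavioral features of email viruses and trains these features into a virus behavior model, in the hope that matching against this model can identify both known and unknown email viruses. The experimental comparison shows that the proposed method detects unknown email viruses better than general anti-virus software. We also believe that companies must take more precautions to keep email viruses from infecting enterprise systems; this study also offers some protection recommendations so that enterprises can keep their email from being infected by email viruses.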
A serious security threat today is malicious emails arriving as email attachments. An email virus is an email that can infect other programs by modifying them to include a replica of itself. When infected emails are opened, the email virus spreads itself to others. Today's society has seen a dramatic increase in the use of email. We present a novel approach to detecting misuse emails by gathering and maintaining knowledge of the behavior of malicious emails rather than anticipating attacks by unknown assailants. Our approach is based on building and maintaining a profile of malicious emails by analyzing their static activity. Any new email activity is compared to the malicious profile to detect potential misuse. Comparison results show that our proposed methods outperformed anti-virus software. As a result, companies must take even more precautions to guard against the introduction of email viruses into their systems. This paper also states how companies can protect their email from intrusion by email viruses.
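Table of Contents
Abstract (Chinese)
Abstract
Acknowledgments
Table of Contents
List of Tables
List of Figures
1. Introduction
1.1 Research Background
1.2 Research Motivation
1.3 Research Objectives
1.4 Research Limitations
1.5 Research Process
2. Literature Review
2.1 Definition of Computer Viruses
2.1.1 Computer Viruses in the Narrow Sense
2.1.2 Computer Viruses in the Broad Sense
2.1.3 Classification of Computer Viruses
2.2 Email Viruses
2.2.1 How Email Viruses Infect
2.2.2 Deception Methods of Email Viruses
2.2.3 Propagation Capability of Email Viruses
2.3 Intrusion Detection
2.3.1 Anomaly Intrusion Detection
2.3.2 Misuse Intrusion Detection
2.4 Overview of Virus Detection Methods
2.4.1 Detection Methods for Known Viruses
2.4.2 Detection Methods for Unknown Viruses
2.4.3 Other Detection Methods
3. Analysis of Email Virus Samples
3.1 Email Data Samples
3.2 Email Feature Variables
3.3 Data Encoding
4. Learning Methods and Experimental Design
4.1 SOM
4.2 K-Mean
4.3 K-Medoid
4.4 Experimental Design
4.4.1 Test Data Samples
4.4.2 Training the Misuse Detection Module
4.4.3 Improving and Evaluating Detection Performance
4.4.4 Analysis and Comparison of Results
5. Management Issues
5.1 Myths About Email Viruses
5.2 Statistical Analysis Results of Email Virus Features
5.3 Email Virus Protection Strategies
5.4 Developing an Email Virus Security Plan
6. Conclusions and Future Research
6.1 Conclusions
6.2 Future Research Directions
References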