National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

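Graduate student: 邱銘彰
Graduate student (foreign name): Jeremy Chiu
Thesis title: 行為分析之惡意程式偵測
Thesis title (foreign): Detecting Malicious Software By Monitoring Program Behavior
Advisor: 林金城
Degree: Master's
Institution: Tatung University (大同大學)
Department: Department of Computer Science and Engineering
Discipline: Engineering
Category: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2004
Graduation academic year: 93
Language: English
Number of pages: 38
Keywords (Chinese): intrusion detection; malicious software; behavior analysis
Keywords (foreign): anomaly models; API-Hook; Intrusion detection; system calls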
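Intrusion detection refers to techniques for detecting inappropriate, incorrect, or anomalous activity. An intrusion detection system is a system that carries out this detection. In the information security field, such inappropriate, incorrect, or anomalous activity means the various activities related to information security.

This research focuses on host-based IDS (HIDS). A HIDS uses data on the host as the basis for detection, so it can obtain server logs, user usage records, and even the behavior of processes. The data obtained is therefore higher-level than that of a network-based IDS, and the results of the analysis come closer to the intruder's intent. The subject of this thesis is process behavior: by intercepting system calls, many behavioral features can be collected, from which program behavior modeling algorithms are then developed.
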
We present a host-based intrusion detection system (IDS) for Microsoft Windows. The system is an algorithm that detects malicious programs on the host machine by monitoring Windows API calls. The idea is to train a behavior model of malicious programs and use this model to detect malicious programs at run time. Once these models have been established, subsequent API logs are analyzed to identify deviations, given the assumption that anomalies usually represent evidence of an attack.

1. Introduction
2. Relevant Work
3. Modeling Common Malicious Software
4. Architecture
4.1 System Components
4.2 Program Behavior Sensor
4.3 Model Generator
4.4 Malware Detector
4.5 Efficiency Considerations
5. Malicious Detection Algorithm
5.1 Malware Behavior Modeling Algorithm
6. Experiments and Results
6.1 Data Generation and Experiments
6.2 Detection
7. Conclusions
8. References