National Digital Library of Theses and Dissertations in Taiwan

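Graduate student: Liu, Te-Min (劉得民)
Thesis title: A Study on Malware Detection Presented by 3D Visualization of Biological Simulation (電腦惡意程式以視覺化3D擬真生物呈現研究)
Advisors: Horng-Twu Liaw (廖鴻圖); Jiann-Fu Lin (林建福)
Degree: Master's
Institution: Shih Hsin University (世新大學)
Department: Graduate Institute of Information Management (including the in-service master's program)
Discipline: Computer science
Field: General computer science
Thesis type: Academic thesis
Year of publication: 2008
Graduation academic year: 97
Language: Chinese
Number of pages: 89
Keywords (translated from Chinese): 3D object file format; malicious code; biomimetics; simulated organisms; malware; disassembled code
Keywords (English): 3DS file format; Malware; Biomimetics; Bionics; Malicious code; Disassemble code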
Malware covers a broad range, and its methods of evading detection change constantly. Traditional malware detection mostly relies on static analysis, dynamic analysis, or analysis of malicious signatures and semantic behavior. However, the code of malicious programs differs in many ways from the code of normal programs in terms of control flow graphs and the operating system functions called. This study applies biological classification to categorize all programs from a different perspective, into viruses, bacteriophages, bacteria, fungi, protists, animals, plants and so on, and defines a security threat value for operating system function calls. Malicious code is then displayed as a simulated organism, with organs, limbs, claws and the like, so that the visual difference between normal programs and malicious programs is immediately apparent. After classifying the machine code of malicious programs, the study presents it again visually as a simulated organism that is shown immediately to the computer operator. For ordinary computer users, displaying malware as a 3D object with more pronounced biological features serves as a warning to operators who are unfamiliar with computers. The study classifies the functional code of common malware on the Windows operating system, draws it as the limbs, claws and mouthparts of an organism, assembles these parts into the 3DS file format, and displays the result on the computer screen.
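Acknowledgements
Abstract (Chinese)
Abstract
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
1.1 Research Background and Motivation
1.2 Research Objectives
1.3 Research Scope
1.4 Thesis Organization
Chapter 2 Related Theory and Techniques
2.1 Malware Behavior and Discussion
2.2 Development of Natural Organisms and Simulated Organisms
2.3 Characteristics of Computer Programs as Simulated Organisms
2.4 Techniques for Computer Rendering of 3D Objects
Chapter 3 Research Mechanism and System Design
3.1 Research Mechanism
3.2 System Architecture
3.3 Disassembly of Malicious Code
3.4 Comparison and Classification of Malicious Code
3.5 On-Screen Display of Malware as Simulated Organisms
Chapter 4 Research Conclusions and Discussion
4.1 Research Results
4.2 Discussion of Conclusions
Chapter 5 Future Research Directions
References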