National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)

Student: 邱科琹
Title: 以原始碼特徵為基礎之惡意軟體類型偵測
Title (English): A Source Code-Based Malware Detection Technique
Advisor: 李彥賢
Degree: Master
Institution: National Chiayi University (國立嘉義大學)
Department: Graduate Institute of Information Management (資訊管理學系研究所)
Discipline: Computer Science
Subject: General Computer Science
Thesis type: Academic thesis
Graduation year: Academic year 102 (2013/2014)
Language: Chinese
Keywords (Chinese): malware analysis; malware classification; incremental clustering method; malware source code classification
Statistics:
  • Cited: 0
  • Views: 217
  • Rating: none
  • Downloads: 0
  • Bookmarked in users' reading lists: 1
Abstract: With the rapid growth of the Internet and the steady advance of information technology, every industry has flourished, and the ubiquity of network equipment and the convenience of network access now reach every part of people's lives. In recent years, however, malware has increasingly threatened the Internet and caused enormous losses to enterprises and organizations. Most malware evolves in the same way: one or more authors write an initial version and may release revised versions over time, and other authors then rewrite the existing malware; malware in the same family therefore exhibits similar malicious behaviour. Malware's dynamic and continuous attack behaviour calls for more efficient and effective analysis methods. Malware analysis can be divided into dynamic analysis and static analysis. Dynamic analysis consumes a large amount of the analyst's system resources, which raises the cost of analysis, and because the information obtained depends on which trigger conditions are met, it delays the analyst's response to malicious attacks. This study therefore uses static analysis to select source-code features of malware and proposes a 1-Nearest-Neighbor Clustering (1-NN) incremental clustering method that assigns malware to an appropriate cluster, helping researchers obtain information about a sample promptly and respond most effectively. Finally, this study uses an empirical evaluation to compare the n-gram features extracted from byte sequences in previous research with the source-code features proposed here; the results show that the proposed source-code-feature-based malware type detection technique effectively improves the performance of detecting malware types.
Table of contents:
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
Chapter 1: Introduction
    Section 1: Research Background
    Section 2: Research Motivation and Objectives
    Section 3: Thesis Structure
Chapter 2: Literature Review
    Section 1: Honeypots
    Section 2: Malware Analysis Techniques
    Section 3: Source Code Analysis
Chapter 3: Incremental Malware Type Detection Technique
    Section 1: Filtering File Types
    Section 2: Feature Selection
    Section 3: Malware Classification Prediction
Chapter 4: Experimental Evaluation
    Section 1: Experimental Design
    Section 2: Performance Analysis of Malware Detection
    Section 3: Analysis of the Influence of Individual Source-Code Features
    Section 4: Performance Analysis of System Clustering after Adding Benign Software
Chapter 5: Conclusions and Future Research
Chinese References
English References