跳到主要內容

臺灣博碩士論文加值系統

(44.220.181.180) 您好!臺灣時間:2024/09/14 12:41
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:梁博皓
研究生(外文):LIANG, BO-HAO
論文名稱:物聯網設備的全面漏洞檢測和惡意軟體感染測試策略
論文名稱(外文):Comprehensive Vulnerability Detection and Malware Infection Testing Strategies for IoT Devices
指導教授:黃仁竑黃仁竑引用關係
指導教授(外文):HWANG, REN-HUNG
口試委員:黃仁竑林盈達林柏青
口試委員(外文):HWANG, REN-HUNGLIN, YING-DARLIN, PO-CHING
口試日期:2024-07-11
學位類別:碩士
校院名稱:國立中正大學
系所名稱:資訊工程研究所
學門:工程學門
學類:電資工程學類
論文種類:學術論文
論文出版年:2024
畢業學年度:112
語文別:英文
論文頁數:47
中文關鍵詞:主動式檢測物聯網漏洞零日漏洞惡意軟體感染
外文關鍵詞:Proactive detectionIoT VulnerabilitiesZero day vulnerabilityMalware infection
相關次數:
  • 被引用被引用:0
  • 點閱點閱:25
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
Abstract iii
1 Introduction 1
2 Background and Motivation 4
2.1 Related work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.3 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3 Design and Implementation 11
3.1 Comprehensive detection method . . . . . . . . . . . . . . . . . . . . . . 11
3.1.1 Privacy breaches . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1.2 Disruptions of devices and networks . . . . . . . . . . . . . . . . 15
3.1.3 Vulnerabilities by malicious entities . . . . . . . . . . . . . . . . 15
3.2 Identifying devices at risk of infection . . . . . . . . . . . . . . . . . . . 17
3.2.1 The approach of the strategy . . . . . . . . . . . . . . . . . . . . 17
3.2.2 Detection infection process . . . . . . . . . . . . . . . . . . . . . 18
4 Experiments 22
4.1 Overall results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
4.1.1 Vulnerability detection results . . . . . . . . . . . . . . . . . . . 23
4.1.2 Malware infection results . . . . . . . . . . . . . . . . . . . . . . 31
4.2 Case studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.2.1 Unexpected vulnerability and weaknesses . . . . . . . . . . . . . 33
4.2.2 Infection failure results . . . . . . . . . . . . . . . . . . . . . . . 35
4.3 Lessons learned . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
5 Discussion 41
6 Conclusion 43
Reference 45
[1] M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z. Durumeric, J. A. Halderman, L. Invernizzi, M. Kallitsis et al., “Understanding the mirai botnet,” in 26th USENIX security symposium (USENIX Security 17), Vancouver, Canada, Aug. 16–18, 2017, pp. 1093–1110.
[2] M. Kumar, “New mirai okiru botnet targets devices running widely-used arc processors,” The Hacker News, Jan. 15, 2018. [Online]. Available: https://thehackernews.com/2018/01/mirai-okiru-arc-botnet.html
[3] R. Millman, “Satori botnet searching internet for open ethereum mining rigs,” SC Media, May 18, 2018. [Online]. Available: https://www.scmagazine.com/news/satori-botnet-searching-internet-for-open-ethereum-mining-rigs
[4] D. D. J. Manuel, R. Joven, “Omg: Mirai-based bot turns iot devices into proxy servers,” Fortinet, Feb. 21, 2018. [Online]. Available: https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers
[5] R. T. J. Salvio, “Fresh totolink vulnerabilities picked up by beastmode mirai campaign,” Fortinet, Apr. 01, 2022. [Online]. Available: https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign
[6] W. Xie, J. Chen, Z. Wang, C. Feng, E. Wang, Y. Gao, B. Wang, and K. Lu, ““game of hide-and-seek: Exposing hidden interfaces in embedded web applications of iot device,” in Proceedings of the ACM Web Conference 2022, Lyon, France, Apr. 25–29, 2022, pp. 524–532.
[7] A. Liu, A. Alqazzaz, H. Ming, and B. Dharmalingam, “Iotverif: Automatic verification of ssl/tls certificate for iot applications,” IEEE Access, vol. 9, pp. 27 038–27 050, 2019.
[8] E. Süren, F. Heiding, J. Olegård, and R. Lagerström, “Patriot: practical and agile threat research for iot,” International Journal of Information Security, vol. 22, no. 1, pp. 213–233, 2023.
[9] R. Akhilesh, O. Bills, N. Chilamkurti, and M. J. M. Chowdhury, “Automated penetration testing framework for smart-home-based iot devices,” Future Internet, vol. 14, no. 10, p. 276, 2022.
[10] V. Visoottiviseth, P. Akarasiriwong, S. Chaiyasart, and S. Chotivatunyu, “Pentos: Penetration testing tool for internet of thing devices,” in TENCON 2017-2017 IEEE Region 10 Conference. Penang, Malaysia: IEEE, Nov. 5–8 2017, pp. 2279–2284.
[11] M. W. Daming D. Chen, Manuel Egele and D. Brumley, “Towards automated dynamic analysis for linux-based embedded firmware.” in Network and Distributed System Security Symposium 2016, San Diego, California, Feb. 21–24 2016, pp. 1–1.
[12] H. Li, Q. Huang, F. Ding, H. Hu, L. Cheng, G. Gu, and Z. Zhao, “Understanding and detecting remote infection on linux-based iot devices,” in Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, Nagasaki, Japan, May 30.–Jun. 3 2022, pp. 873–887.
[13] H. Alasmary, A. Khormali, A. Anwar, J. Park, J. Choi, A. Abusnaina, A. Awad, D. Nyang, and A. Mohaisen, “Analyzing and detecting emerging internet of things malware: A graph-based approach,” IEEE Internet of Things Journal, vol. 6, no. 5, pp. 8977–8988, Oct. 2019.
[14] B. Eshete and V. Venkatakrishnan, “Dynaminer: Leveraging offline infection analytics for on-the-wire malware detection,” in 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Denver, U.S.A, Jun. 26–29 2017, pp. 463–474.
[15] S. M. P. Dinakarrao, X. Guo, H. Sayadi, C. Nowzari, A. Sasan, S. Rafatirad, L. Zhao, and H. Homayoun, “Cognitive and scalable technique for securing iot networks against malware epidemics,” IEEE Access, vol. 8, pp. 138 508–138 528, Jul. 2020.
[16] K. Shaukat, S. Luo, and V. Varadharajan, “A novel deep learning-based approach for malware detection,” Engineering Applications of Artificial Intelligence, vol. 122, p. 106030, 2023.
[17] Ö. A. Aslan and R. Samet, “A comprehensive review on malware detection approaches,” IEEE Access, vol. 8, pp. 6249–6271, 2020.
[18] T. Laskos, “Arachni,” Sarosys LLC, May 29, 2022. [Online]. Available: https://github.com/Arachni/arachni
[19] vanhauser thc, “thc-hydra,” The Hacker’s Choice, Jun. 12, 2023. [Online]. Available: https://github.com/vanhauser-thc/thc-hydra
[20] D. Wetter, “testssl.sh,” drwetter, Oct. 10, 2023. [Online]. Available: https://github.com/drwetter/testssl.sh
[21] S. Shekyan, “slowhttptest,” shekyan, Jun. 10, 2022. [Online]. Available: https://github.com/shekyan/slowhttptest
[22] Lucyoa, “routersploit,” threat9, Oct. 18, 2018. [Online]. Available: https://github.com/threat9/routersploit
[23] R.-H. Huang and J.-Y. Lin, “自動化物聯網裝置搜尋及漏洞檢測平台,” in 第32 屆國防科技學術研討會, Taoyuan, Taiwan, Nov. 10. 2023.
[24] H. C. Rudolph, “Ciphersuite,” May 6, 2018. [Online]. Available: https://ciphersuite.info/
[25] M. Kim, D. Kim, E. Kim, S. Kim, Y. Jang, and Y. Kim, “Firmae: Towards large-scale emulation of iot firmware for dynamic analysis,” in Proceedings of the 36th Annual Computer Security Applications Conference, Austin, U.S.A, Dec. 7–11 2020, pp. 733–745.
電子全文 電子全文(網際網路公開日期:20260801)
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top