English  |  正體中文  |  简体中文  |  全文筆數/總筆數 : 80990/80990 (100%)
造訪人次 : 42717468      線上人數 : 1522
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
搜尋範圍 查詢小技巧:
  • 您可在西文檢索詞彙前後加上"雙引號",以獲取較精準的檢索結果
  • 若欲以作者姓名搜尋,建議至進階搜尋限定作者欄位,可獲得較完整資料
  • 進階搜尋


    請使用永久網址來引用或連結此文件: http://ir.lib.ncu.edu.tw/handle/987654321/48407


    題名: none Antivirus Software Shield against Antivirus Terminators
    作者: 陳介文;Chieh-wen Chen
    貢獻者: 資訊工程研究所
    關鍵詞: 防毒軟體;資訊安全;antivirus software;security
    日期: 2011-07-20
    上傳時間: 2012-01-05 14:53:51 (UTC+8)
    摘要: 近半個世紀以來,資訊安全人員與駭客之間的攻防戰從來沒停歇過,攻擊者不斷嘗試找出更多可利用的安全漏洞,而資安人員則致力於保護使用者的資訊安全。一般最常見也最基本的保護措施即安裝防毒軟體。若是每位防毒軟體使用者都具有基本的資訊安全知識並定期更新病毒碼,攻擊者在撰寫惡意程式時就必須花很多心力避免被防毒軟體偵測到以利於惡意軟體的運作。 因此,惡意軟體自我保護機制也逐漸的發展成形。其中一種常見的惡意軟體自我保護機制為一旦惡意軟體被執行,首要的工作就是將運作環境中的防毒軟體關閉,當防毒軟體被關閉,使用者的電腦保護傘如同虛設,攻擊者便如入無人之境能夠為所欲為,這對使用者的資訊安全將會造成很大的危害。 這篇論文主要針對惡意軟體強制關閉防毒軟體的行為提出防護的方法。我們分析了數隻病毒樣本得到攻擊者常見的攻擊手法,並根據這些攻擊手法設計了一套以SSDT hook為基礎的防護方案。我們提供了一個對系統運作效率影響極低且有效的防禦機制。 In the near several decades, the arms race between malware writers and system security watchmen has become more and more severe. The simplest way for a user to secure her/his computer while using it is to install antivirus software on her/his computer. As antivirus software becomes more sophisticated and powerful, evading the detection of antivirus software becomes an important part of malware. Without a good approach to bypass the detection of antivirus software, before doing any vicious activity, malware may have already been removed by antivirus software. As a result, malware writers have developed various approaches to increase the survivability and stealth of their malware. And many malware self-defense technologies have been implemented. One of these technologies is to disrupt the functionality of security solutions, especially antivirus software. For example, lot of malware terminates antivirus software right after their execution. Without the protection of the terminated security tool, an attacker can do anything on the intruded host. In this paper, we propose a mechanism, called ANtivirus Software Shield (ANSS), to prevent antivirus software from being terminated without the consciousness of the antivirus software users. ANSS uses SSDT hook to intercept specific Windows APIs and analyzes them to filter out hazardous API calls that will viciously terminate antivirus software. Experimental results show that ANSS can protect antivirus software from being terminated by malware used in our experiments with at most 3.5% performance overhead.
    顯示於類別:[資訊工程研究所] 博碩士論文

    文件中的檔案:

    檔案 描述 大小格式瀏覽次數
    index.html0KbHTML584檢視/開啟


    在NCUIR中所有的資料項目都受到原著作權保護.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明