Full metadata record
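| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | 江易達 | en_US |
| dc.contributor.author | Chiang, Yi-Ta | en_US |
| dc.contributor.author | 林盈達 | en_US |
| dc.contributor.author | Lin, Ying-Dar | en_US |
| dc.date.accessioned | 2014-12-12T01:43:52Z | - |
| dc.date.available | 2014-12-12T01:43:52Z | - |
| dc.date.issued | 2009 | en_US |
| dc.identifier.uri | http://140.113.39.130/cdrfb3/record/nctu/#GT079756503 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11536/45993 | - |
| dc.description.abstract | Botnets are a serious threat on the Internet. To detect botnets, we need an efficient method to analyze their behavior. However, bots can easily change their binary code with obfuscation programs, so repeatedly analyzing programs of the same kind wastes a great deal of time. Classification algorithms have been proposed to solve this problem, but most of these methods cannot correctly classify obfuscated programs. We therefore propose a method that classifies them correctly. We first collect the sequence of system calls a sample invokes, then compute the longest common substring and the gap distribution from this sequence to calculate similarity. We also use segment identification to increase the identification rate. Experiments show that a 94% correctness rate is achieved when distinguishing different samples, and that 90% of disguised variants of the same sample are correctly identified as the same sample. | zh_TW |
| dc.description.abstract | Botnet is a serious threat on the Internet. In order to find a way to detect botnet, we need an efficient method to analyze its behavior. However, bots can easily transform their binary code by obfuscation, and time is wasted analyzing many different bots obfuscated from the same origin. Some classifying algorithms are proposed to solve this problem, but many of them cannot classify obfuscated bots well. We propose a method to classify them. First we collect the system call sequence of malware, then we calculate LCS and Gap shift distribution to decide the similarity of two samples. We also use Segment identification to improve the correctness. Experiments show our algorithm can achieve a 94% correctness rate on distinguishing different samples, and a 90% correctness rate on identifying the class of bot variants. | en_US |
| dc.language.iso | en_US | en_US |
| dc.subject | Botnet | zh_TW |
| dc.subject | System call | zh_TW |
| dc.subject | Longest common substring algorithm | zh_TW |
| dc.subject | Botnet | en_US |
| dc.subject | System Call | en_US |
| dc.subject | LCS Algorithm | en_US |
| dc.title | Automated Analysis and Classification of Obfuscated Botnets and Malware | zh_TW |
| dc.title | Automatic Analysis and Classification of Obfuscated Bots and Malware Binaries | en_US |
| dc.type | Thesis | en_US |
| dc.contributor.department | Institute of Network Engineering | zh_TW |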
Appears in Collections: Thesis


Files in This Item:

  1. 650301.pdf

If the file is a zip archive, download and extract it, then open index.html in the extracted folder with a browser to view the full text.