Title: Information Flow Based Application Behavior Modeling
Author: 李泓暐
Li, Hong-Wei
吳育松
Wu, Yu-Sung
Institute of Computer Science and Engineering
Keywords: information flow; application behavior
Publication date: 2014
Abstract: We propose an application behavior model based on information flow. The model focuses on the flow of information among system objects due to the execution of an application. A flow encompasses not only the attributes of its underlying objects but also the relations between the objects. The model supports efficient querying through regular expressions. We have shown that the model is applicable to practical applications such as the identification of malicious behavior of unknown malware. We built a prototype behavior engine on top of the Xen virtualization platform. The behavior engine transparently monitors the guest system calls, converts the system call trace into the information flow behavior model, and allows queries of application behavior through regular expressions. The evaluation confirms that the prototype system can indeed support behavior matching of unknown malware and incurs only a mild 20% performance overhead on the monitored guest system.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070256006
http://hdl.handle.net/11536/75774
Appears in collections: Theses


Files in this item:

  1. 600601.pdf

If the file is a zip archive, download and extract it, then open index.html in the extracted folder with a browser to view the full text.