Title: Classifying Malware by Runtime Behavior, Triggering Hidden Behaviors, and Automatically Generating Malware Behavior Patterns
Author: 谢续平 (SHIEH SHIUH-PYNG)
Department of Computer Science, National Chiao Tung University
Date issued: 2013
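Abstract: With the widespread adoption of network infrastructure and mobile devices, cloud platforms and services of all kinds are now widely used, and discussion and research on cloud security have become an important part of today's information technology R&D. Cloud system security and cloud data security are the two major security issues of cloud services: cloud system security mainly concerns whether the system can withstand common, mutated, or complex attack behaviors, while cloud data security considers whether the various types of data stored in the system can be maliciously viewed or tampered with, and whether advanced functions such as data usage authorization can be provided. To provide an integrated solution that addresses both cloud system security and cloud data security, the project team builds on the results of its earlier project and has planned this integrated project, "Overall Project: Forward-Looking Cloud Dynamic Protection, Security Authorization, and Risk Assessment."

This project comprises four sub-projects. "Sub-project 1: Classifying Malware by Runtime Behavior, Triggering Hidden Behaviors, and Automatically Generating Malware Behavior Patterns" will, based on malware behavior during dynamic execution and on various attack trigger conditions, automatically classify malware and extract its behavior pattern features, providing a database of malware behavior pattern features. "Sub-project 4: Online Detection and Containment of Unknown Malware in Virtualized Datacenter Environment" will use this database to develop a secure cloud platform that can block malware execution dynamically and in real time and carry out subsequent damage control. In addition, "Sub-project 2: Efficient, secure and robust cloud data storage with integrity and authorization: use medical records as examples" will build on this secure cloud platform to implement a highly efficient secure cloud medical database; beyond confidentiality and integrity, this database can also provide functions such as user-authorized access. To demonstrate the security of the building-block techniques, platform, and database developed in this project, "Sub-project 3: Virtualization-Based Risk Assessment as a Service in Cloud Environments" will propose a complete risk assessment mechanism. This mechanism can systematically analyze the risk values of a target system, and the project will use it to evaluate the security of the proposed techniques and systems, to demonstrate that their overall security meets requirements.

This project expects to deliver forward-looking ideas and results for the cloud environment in malware analysis, security detection and protection, cloud application services, and security assessment models. The project will also actively plan joint R&D with government agencies and industry; in the future it will carry out technology transfer and multi-year joint R&D projects with HTC, Trend Micro, Promise Technology (one of the world's top three fault-tolerant disk array vendors), Chunghwa Telecom, ITRI, and the Ministry of Education, which is expected to draw Taiwan's well-developed information security industry into cloud security research and thereby strengthen the cloud security R&D capabilities of Taiwan's industry, government, and academia.
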
With the increasing popularity of network infrastructure and mobile devices, various cloud platforms and services have been widely used. Cloud security-related discussion and research are a very important part of the development of information technology today. Cloud system security and data security are the two important security issues of cloud services. Cloud system security is about how the system resists various complex and aggressive attack behaviors. Cloud data security considers the safety of data stored in the system: whether the data is protected from malicious disclosure and tampering, and whether advanced functions such as authorization of data use can be provided. In order to take both types of cloud security into account, we will investigate in this project "Cloud Platform for Dynamic Protection, Security Authorization and Risk Assessment."

This project consists of four sub-projects: "Sub-project 1: Classifying Malware by Runtime Behavior, Triggering Hidden Behaviors, and Automatically Generating Malware Behavior Patterns," "Sub-project 2: Efficient, secure and robust cloud data storage with integrity and authorization: use medical records as examples," "Sub-project 3: Virtualization-Based Risk Assessment as a Service in Cloud Environments," and "Sub-project 4: Online Detection and Containment of Unknown Malware in Virtualized Datacenter Environment." Based on runtime behavior and trigger conditions, Sub-project 1 will automatically classify patterns of malware behavior and provide a malware behavior database that collects these patterns. Sub-project 4 will use the information in the database to develop a secure cloud platform. This platform can block the execution of malware at run time and provide damage control for the cloud system. On this platform, Sub-project 2 will implement a highly efficient secure medical database. This medical database can guarantee privacy, integrity and authentication. To prove the security of the techniques and the platform implemented in this project, Sub-project 3 will propose a complete mechanism of risk assessment. This mechanism can systematically analyze the target system and compute its risk values in several ways. We will use it to demonstrate that the overall safety requirements are met.

This project is expected to propose forward-looking ideas and results for the cloud environment in malware analysis, security testing and protection, cloud application services, and safety assessment models. This project will also actively plan to cooperate on R&D with government agencies and industry. A number of cooperation programs are in progress or under negotiation.
Official document #: NSC101-2221-E009-072-MY3
URI: http://hdl.handle.net/11536/94647
https://www.grb.gov.tw/search/planDetail?id=2864203&docId=407397
Appears in collections: Research Plans