跳到主要內容

簡易檢索 / 詳目顯示

回結果列表
研究生: 林鈺凱
Yu-Kai Lin
論文名稱: CIRD: A Solution to Detect Real-time Zero-day Code-Injection Atttacks
指導教授: 許富皓
Fu-Hau Hsu
口試委員:
學位類別: 碩士
Master
系所名稱: 資訊電機學院 - 資訊工程學系
Department of Computer Science & Information Engineering
論文出版年: 2019
畢業學年度: 107
語文別: 中文
論文頁數: 33
中文關鍵詞: 緩衝區溢位代碼注入
外文關鍵詞: Buffer overflow, Code-Injection
相關次數: 點閱:9下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 在眾多的攻擊手法中,Buffer overflow 造成的Code-Injection 攻擊是
    一種很嚴重的攻擊方式。因為攻擊者可以任意執行惡意程式碼,可能會
    造成memory leak、任意記憶體位置讀寫、最嚴重可以拿到主機控制權。
    本篇論文設計了一套偵測Code-Injection 的方式,利用QEMU 和
    Linux Kernel 配合,可以即時偵測並且找出在執行檔哪個地方發生
    Code-Injection。

    In many of attack methods, the Code-Injection attacks is a serious problem that makes attackers can execute malicious code arbitrarily. It may cause memory leak, arbitrarily memory read/write or even taking control on the host machine.
    We had designed a method to detect Code-Injection attacks. Using QEMU and Linux Kernel, we can not only detect read-time Code-Injection attacks but also locate functions of Code-Injection vulnerability.

    摘要.................................................................................... i Abstract .............................................................................. ii 誌謝.................................................................................... iii 目錄.................................................................................... iv 圖目錄................................................................................. vi 表目錄................................................................................. vii 第1 章緒論........................................................................ 1 第2 章背景介紹.................................................................. 2 2.1 Linux Process ID ........................................................ 2 2.2 Linux PID 分配機制.................................................... 3 2.3 QEMU TCG IR ......................................................... 4 2.4 Buffer overflow 與Shellcode 攻擊................................... 6 第3 章系統設計.................................................................. 8 3.1 系統架構.................................................................. 8 3.2 執行檔加工............................................................... 9 3.3 Guest OS kernel ......................................................... 11 3.4 QEMU 紀錄Assembly Code ......................................... 13 3.5 偵測Code-Injection 與注入點....................................... 14 第4 章實驗設計與實作......................................................... 15 4.1 測試環境.................................................................. 15 4.2 功能測試.................................................................. 15 4.3 效能測試.................................................................. 16 4.4 CVE 測試................................................................. 17 iv 目錄 第5 章相關研究.................................................................. 18 5.1 Memory Forensics ....................................................... 18 5.2 Convolutional Neural Network ....................................... 18 第6 章討論........................................................................ 19 第7 章總結........................................................................ 20 參考文獻.............................................................................. 21

    [1] F. Bellard. (2019). Qemu, [Online]. Available: https://www.qemu.org/ (visited on
    07/16/2019).
    [2] L. B. Torvalds. (2019). Linux kernel, [Online]. Available: https://www.kernel.org/
    (visited on 07/16/2019).
    [3] T.-C. Chiueh and F.-H. Hsu, “Rad: A compile-time solution to buffer overflow attacks,”
    Proceedings 21st International Conference on Distributed Computing Systems,
    Apr. 16, 2001. doi: 10.1109/ICDSC.2001.918971. [Online]. Available: https:
    //ieeexplore.ieee.org/abstract/document/918971.
    [4] (2019). Cve, [Online]. Available: https://www.exploit-db.com/exploits/17486
    (visited on 07/16/2019).
    [5] A. Srivastava, “Detecting code injection by cross-validating stack and vad information
    in windows physical memory,” 2017 IEEE Conference on Open Systems
    (ICOS), Nov. 13, 2017. doi: 10 . 1109 / ICOS . 2017 . 8280279. [Online]. Available:
    https://ieeexplore.ieee.org/document/8280279.
    [6] Y. Pan, J. An, W. Fan, and W. Huang, “A shellcode detection method based on
    dynamic binary instrumentation and convolutional neural network,” ICSCA ’19
    Proceedings of the 2019 8th International Conference on Software and Computer
    Applications, pp. 462–466, Feb. 19, 2019. doi: 10.1145/3316615.3316731. [Online].
    Available: https://dl.acm.org/citation.cfm?id=3316731.
    [7] LLVM 開發團隊. (2019). Llvm, [Online]. Available: https://llvm.org/ (visited on
    07/16/2019).

    QR CODE
    :::