Title | 主機型惡意程式收集器 |
---|---|
Volume/Issue | 25 |
Parallel title | Host-based Malware Collector |
Author | 許博學 |
Pages | 091-102 |
Keywords | Malware, Malware collector, Honeypot, Intrusion detection system |
Publication date | 201211 |
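Only once malware samples have been collected can security organizations formulate identification rules and signatures from them and so strengthen information security defenses. Network-based malware collectors (for example, a honeypot combined with an intrusion detection system) are generally limited in the accuracy, timeliness and scope of their sample collection. We therefore design an innovative host-based malware collector that identifies, accurately and in real time, the malicious behaviors a malware program necessarily exhibits when it runs on an end host, and that is easy to deploy across campuses and organizations to widen the scope of collection.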
Information security depends heavily on malware identification rules and signatures, which security organizations formulate by studying malware samples. Considering the limitations in accuracy, timeliness and scope of network-based malware collectors (e.g. a honeypot with an intrusion detection system), we design an innovative host-based malware collector that precisely detects specific malware behaviors on the host computer and automatically collects malware samples over a large scope, as it can be easily deployed on every host in campuses and organizations.