
The Research of Malware Detection Technology Based on Active Mode

Author: LiuHao
Tutor: LiBin
School: Harbin Institute of Technology
Course: Computer Science and Technology
Keywords: Actively-detecting; Honeypot; Malware collection; Network security
CLC: TP393.08
Type: Master's thesis
Year: 2008
Downloads: 303
Quote: 2

Abstract


With the extensive and deep use of computer networks, network security has become a key problem, and malware is one of the worst threats to networks. Malware's transmission and attack modes are becoming more complicated and diversified, which brings many new threats and challenges to network security. Existing malware has changed how it spreads and has begun to use client software such as browsers for transmission. Many new transmission methods have also appeared, such as P2P download transmission, Trojan downloaders, and Google Hacking using search engines. Along with these new transmission methods come new attack methods, such as exploiting vulnerabilities in client software. The prominence of client applications has led to more and more malicious attacks aimed at client software such as web browsers and email clients. Malware transmitted through client applications is now the main development trend, and it includes passively spreading malware such as script viruses embedded in web pages.

As a newly arisen trap technique, the honeypot is widely used to detect network security threats. But a honeypot can only monitor and analyze attacks aimed at the honeypot itself, which limits its view. Traditional malware detection systems such as Nepenthes only use the honeypot technique to attract malware and wait passively for it to attack. Because traditional detection techniques that depend on passive detection cannot satisfy the requirements of network security, malware detection is changing from passive to active techniques. This paper gives a detailed analysis of malware's transmission and operation characteristics and, on this foundation, proposes a model based on active techniques.
The fundamental difference between this model and the traditional malware detection model is that the former adds mechanisms to actively search for and visit targets suspected of containing malware. These mechanisms actively lure the malware into attacking the honeypot, which can then detect it. According to the model, this paper proposes a malware detection method based on active techniques, a high-interaction honeypot, and behavior monitoring.

After a detailed analysis of the spreading process of malware that spreads through the IE browser, this paper proposes actively visiting suspicious targets using the IE browser as the client. On the basis of a detailed analysis of this malware's spreading methods and mode of operation, the paper proposes an extensible monitoring method based on target-set monitoring and behavior monitoring. The paper also designs an extensible structure and some interfaces.

On the basis of these theories, this paper designs and implements a malware detection system based on the IE browser, named Decoy. Besides the functions of a traditional detection tool, Decoy actively visits targets that may contain malware, triggers passively spreading malware, and lures malware into attacking, using a real-time inspection method. As a result, Decoy can raise the coverage of malware types. Traditional detection systems need to be deployed at the public network egress, which places a higher requirement on the deployment environment. Decoy only needs to be deployed on a LAN, which gives it strong availability. The experimental results validated that Decoy meets the design requirements, and the experimental data validated that the theoretical analysis is practical and correct. The paper ends by analyzing the achievements of this research and the problems that emerged during implementation, and gives some proposals for researchers interested in further study.

Related Dissertations

  1. Region-based wireless sensor network key management scheme for research,TP212.9
  2. SX Provincial Public Security Bureau Network Security Corps Performance Evaluation Index System Design,D631.1
  3. The Research of Attack Source Traceback in Distributed Denial-of-Service Attacks Based on VoIP,TP393.08
  4. A Kernel-Level Intelligent Middleware for Honeypot Filesystem,TP393.08
  5. Fast protocol identification based firewall system design and implementation,TP393.08
  6. Click -based network traffic research honeypot system,TP393.08
  7. Based on Hybrid Honeypot worm confrontation model,TP393.08
  8. The Research of Security Issues in Cognitive Radio Networks,TN915.08
  9. Research on Extension of Web Service to Support QoS,TP393.09
  10. Research on Network Communication Signature Generation Technology of Trojan Horses,TP393.08
  11. IPv6 environment honeypot system research and application,TP393.08
  12. Based on Virtual Honeynet Intrusion Detection System,TP393.08
  13. Application and Research of Intrusion Detection System Base on Honeypot,TP393.08
  14. The Key Technologies of Spectrum Sensing Security in Cognitive Radio Networks,TN925
  15. The Research on Security and Strategy of Computer Network Information,TP393.08
  16. Research and Realization of Campus Network Based on Active Defense,TP393.18
  17. TrojanUrlDetector: a Statistical Analysis Based Trojan URL Detecting System,TP393.08
  18. Research and Implementation of Honeypot Based on Redirection Mechanism,TP393.08
  19. Network Availability Quantification Evaluation and Control Based on Traffic Characteristics,TP393.08
  20. Research and Application of Early Warning System for Network Attacks Based on Honeypot Technology,TP393.08

CLC: Industrial Technology > Automation technology, computer technology > Computing technology, computer technology > Computer applications > Computer network > General issues > Computer Network Security
© 2012 www.DissertationTopic.Net