Study on the Active Intrusion Detection Mechanism for Client-Side Drive-by Downloads Based on Distributed Cloud Storage Platform

瀏覽統計 Email 通知 RSS Feed

簡歷

基本資料

Project title

Code/計畫編號

NSC101-2218-E019-005

Translated Name/計畫中文名

基於分散式雲端儲存平台下的主動式用戶端網頁掛碼入侵偵測機制之研究

Project Coordinator/計畫主持人

Han-Yu Lin

Funding Organization/主管機關

National Science and Technology Council

Department/Unit

Department of Computer Science and Engineering

Website

https://www.grb.gov.tw/search/planDetail?id=2673600

Year

2012

Start date/計畫起

01-09-2012

Expected Completion/計畫迄

31-07-2013

Bugetid/研究經費

471千元

ResearchField/研究領域

資訊科學--軟體

偷渡式下載是一種新興的用戶端攻擊手法，其主要是當使用者在瀏覽含有惡意程式碼的網頁時，無須經過使用者授權便可將惡意程式下載至使用者的電腦系統中執行。由於現今駭客常以各種不同的攻擊手法，如Mass SQL Injection 入侵大量具有弱點的伺服器或網站，造成使用者即使瀏覽正常或信任的網頁時，亦有可能遭受植入惡意程式或被竊取帳號密碼。主動式的用戶端誘捕系統可以主動偵測惡意網站，與其產生互動性，進而判別是否具有惡意程式碼，所以可更廣泛有效地蒐集駭客的攻擊資訊。然而，目前整個網際網路的網頁數目至少達到上百億個，若採用傳統關聯式資料庫技術，將無法負荷大量資料存取。結合分散式雲端儲存平台的主動式惡意網頁誘捕系統將可以有效地運用檢測機制之資源、彈性地分配儲存空間並縮短使用者的等待時間。本計劃即致力於分析、建置、整合「基於分散式雲端儲存平台下的主動式用戶端網頁掛碼入侵偵測機制」。三個主要的計畫目的分別為(1).建置基於用戶端誘捕系統的主動式惡意網頁入侵偵測系統； (2).建置基於分散式雲端儲存平台之惡意網頁生命週期監控系統；(3).廣泛蒐集惡意網頁原始碼樣本，期望能強化網際網路的安全並提升使用者的防禦能力。 Drive-by downloads is a new client-side attacks which secretly download malicious programs to user’s computer and execute it without user’s authorization when clients browse the web pages containing malicious source codes. Nowadays hackers often adopt various attacking approaches such as the Mass SQL Injection to invade large amount of servers and websites with weakness, which results in account/password stolen or malware installed in computers even if users browse normal or trusted web pages. Active client-honeypots can actively detect malicious websites, interact with them and identify whether the website contains malware, so as to extensively and effectively collect the hacker information. However, current web pages over the entire Internet have reached to one hundred million as least. If we employ the traditional relational database techniques, the system will not be able to handle the access of large amount of data. An active malicious web detection system combining the distributed cloud storage platform will be able to effectively utilize the resources of computing, flexibly arrange storage space and reduce the waiting time of users. This project is devoted to the analysis, design and integration of active intrusion detection mechanism for client-side drive-by downloads based on distributed cloud storage platform. Three project purposes are (1). the design of active intrusion detection system for malicious web pages based on client-honeypots; (2). the design of life cycle monitor system for malicious web pages based on distributed cloud storage platform; (3). Extensively collect the sample of malicious source codes. We hope to strengthen the Internet security and improve the defense ability of users.

Keyword(s)

分散式雲端儲存平台
偷渡式下載
用戶端誘捕系統
惡意程式
入侵偵測系統
distributed cloud storage platform
drive-by download
client-honeypot
malware
intrusion detection system

DSpace CRIS

Study on the Active Intrusion Detection Mechanism for Client-Side Drive-by Downloads Based on Distributed Cloud Storage Platform

基本資料

Description