| 题名 |
以資訊隱藏爲基礎之惡意程式攻擊技術 |
| 并列篇名 |
An Information Hiding-Based Malicious Attack |
| DOI |
10.6459/JCM.200803_5(1).0002 |
| 作者 |
劉江龍(C.-L. Liu);婁德權(D.-C. Lou);江天賜(T.-T. Chiang);李建中(C.-C. Lee);曾馭(Y. Tseng) |
| 关键词 |
緩衝區溢位攻擊 ; 資訊隱藏 ; 藏密學 ; 惡意程式 ; buffer overflow attack ; information hiding ; steganography ; malicious code |
| 期刊名称 |
危機管理學刊 |
| 卷期/出版年月 |
5卷1期(2008 / 03 / 01) |
| 页次 |
13 - 22 |
| 内容语文 |
繁體中文 |
| 中文摘要 |
網際網路的普及使得緩衝區溢位攻擊成爲駭客最喜歡的攻擊技術之一,也成爲目前資訊安全領域中十分重視的問題。資訊隱藏技術可以將秘密訊息隱藏在一般的數位影像、聲音或動態影像內,以躲避人類感官的察覺。有報導顯示,已有惡意的緩衝區溢位程式隱藏在圖檔內以躲避防毒軟體的偵測。本文即在研究及實作一種以資訊隱藏爲基礎的緩衝區溢位攻擊技術。首先將可產生緩衝區溢位攻擊的程式碼嵌入至掩護圖檔之中,再利用模擬的影像處理程式萃取隱藏在掩護圖檔內的惡意程式碼,並進行緩衝溢位攻擊。實驗結果顯示,本文提出的以資訊隱藏爲基礎的緩衝區溢位攻擊技術可以有效躲避人類視覺系統及防毒軟體的偵測,同時可以有效發動緩衝區溢位攻擊。本研究可作爲資訊安全學界及業界進一步研究預防此類型攻擊之參考。 |
| 英文摘要 |
Because of the popularization of the Internet, the buffer overflow attack has become one of the favorite attacks of hackers and the most concern in the information security field. Steganography can hide the secret information in digital images, audios or videos to avoid the detection of the human sensory system. Therefore, it is reported that there has been malicious buffer overflow code embedded in the digital images to avoid the detection of anti-virus systems. This paper is to study and realize an information hiding-based buffer overflow attack. First, the malicious code which can result in a buffer overflow attack is embedded in a cover image. A simulative image processing program is then used to extract the embedded malicious code and perform the buffer overflow attack. Experimental results show that the proposed information hiding-based buffer overflow attack can effectively avoid both the detection of human visual system and various antivirus systems. Moreover, the proposed attack can also effectively launch a certain buffer overflow attack. The achievement of this study can be referred when developing prevention methods of such an attack. |
| 主题分类 |
社會科學 >
管理學 |
| 参考文献 |
|
