Title

A Malicious Code Detection Technique Based on Steganalysis (以資訊隱藏分析爲基礎之惡意程式偵測技術)

Parallel Title

A Steganalysis-Based Technique for Malicious Code Detection

DOI

10.6459/JCM.200809_5(2).0003

Authors

劉江龍(C.-L. Liu);江天賜(T.-T. Chiang)

Keywords

information hiding ; steganography ; steganalysis ; buffer overflow attack ; support vector machine

Journal Title

危機管理學刊

Volume and Issue / Publication Date

Vol. 5, No. 2 (2008/09/01)

Pages

21 - 30

Language

Traditional Chinese

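Chinese Abstract

The spread of the Internet has made buffer overflow attacks one of hackers' favorite attack techniques and an issue of great concern in the information security field. Programs that attack by exploiting buffer overflows have therefore become one of the focal points of antivirus defenses. Reports indicate that malicious buffer overflow attack programs have already been hidden inside image files to evade detection by antivirus software. Steganalysis techniques, in turn, use statistical analysis to uncover the presence of hidden messages. The purpose of this paper is to propose a steganalysis-based malicious code detection technique for detecting malicious code hidden inside image files. The technique is also combined with a support vector machine to provide an automated decision mechanism, removing the burden of tuning parameters when steganalysis techniques are used. Experimental results show that the technique can effectively detect malicious code hidden inside image files. The results of this research can be combined with antivirus software to prevent similar information security incidents.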

English Abstract

The popularization of the Internet has made the buffer overflow attack one of the favorite attacks used by hackers and one of the greatest concerns in the information security field. The buffer overflow attack has therefore also become one of the foci of antivirus software. It is reported that malicious buffer overflow code has been embedded in digital images to avoid detection by antivirus systems. Steganalytic techniques use statistical analysis to detect the existence of embedded information. The purpose of this paper is to propose a steganalysis-based technique to detect such embedded malicious code. The support vector machine (SVM) is integrated with the proposed technique to provide an automatic decision mechanism that solves the problem of tuning the parameters used in the proposed technique. Experimental results show that the proposed technique can effectively detect malicious code embedded in innocent-looking images. The results of this study can be integrated with antivirus software to prevent this kind of information security incident.

Subject Classification: Social Sciences > Management