| Graduate student | 張嘉琚 Chang, Chia-Chu |
|---|---|
| Thesis title | 基於 Mitre ATT&CK 的勒索軟體偵測機制之研究 / On the Study of Ransomware Detection Mechanism based on Mitre ATT&CK |
| Advisor | 楊竹星 Yang, Chu-Sing |
| Degree | Master |
| Department | Institute of Computer & Communication Engineering, College of Electrical Engineering and Computer Science (電機資訊學院 - 電腦與通信工程研究所) |
| Year of publication | 2022 |
| Academic year of graduation | 110 (ROC year) |
| Language | English |
| Pages | 28 |
| Chinese keywords | 勒索軟體 (ransomware), Mitre ATT&CK |
| English keywords | ransomware, Mitre ATT&CK |
| Usage | Views: 86, Downloads: 11 |
Abstract (Chinese and English versions of the record, rendered in English): Damage from cyber-security attacks has risen sharply in recent years, and ransomware accounts for a considerable share of it, so successful prevention would avoid substantial losses. This thesis first surveys how different papers define an "event" when analysing security attacks. It then uses the widely adopted MITRE ATT&CK classification to analyse the behaviour of three ransomware families during an attack: DarkSide, Avaddon and REvil. Using VM VirtualBox, we observe the events generated while REvil infects a Windows system, infer likely ransomware characteristics from them, and offer these as a reference for discovering the patterns of ransomware that has not yet been identified.
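The abstract describes mapping events observed during an infection to ATT&CK techniques and using the result to recognise ransomware-like behaviour, but it does not spell out the mechanism. The following is an added example written for this page, not code from the thesis: it parses constructed Windows-style process and file-rename events, maps them to ATT&CK technique IDs with a small rule set, and flags a host when the combination looks like ransomware. The technique IDs (T1490 Inhibit System Recovery, T1489 Service Stop, T1486 Data Encrypted for Impact, T1059.001 PowerShell) are real ATT&CK identifiers; the regex rules, the threshold of five extension-changing renames, the decision rule in `is_ransomware_like`, and every log line in `SAMPLE_EVENTS` are assumptions constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample telemetry (not captured from the thesis's VirtualBox run):
# one event per line, key=value fields, values containing spaces are quoted.
SAMPLE_EVENTS = r"""
ts=2022-05-03T10:11:02 host=WS01 kind=proc pid=3311 image=C:\Users\u\Downloads\invoice.exe cmd="invoice.exe"
ts=2022-05-03T10:11:05 host=WS01 kind=proc pid=4120 image=C:\Windows\System32\vssadmin.exe cmd="vssadmin.exe delete shadows /all /quiet"
ts=2022-05-03T10:11:06 host=WS01 kind=proc pid=4125 image=C:\Windows\System32\bcdedit.exe cmd="bcdedit.exe /set {default} recoveryenabled no"
ts=2022-05-03T10:11:07 host=WS01 kind=proc pid=4130 image=C:\Windows\System32\net.exe cmd="net stop MSSQLSERVER /y"
ts=2022-05-03T10:11:09 host=WS01 kind=file pid=3311 op=rename src=C:\Users\u\Documents\a.docx dst=C:\Users\u\Documents\a.docx.7f3kq2
ts=2022-05-03T10:11:09 host=WS01 kind=file pid=3311 op=rename src=C:\Users\u\Documents\b.xlsx dst=C:\Users\u\Documents\b.xlsx.7f3kq2
ts=2022-05-03T10:11:10 host=WS01 kind=file pid=3311 op=rename src=C:\Users\u\Documents\c.pdf dst=C:\Users\u\Documents\c.pdf.7f3kq2
ts=2022-05-03T10:11:10 host=WS01 kind=file pid=3311 op=rename src=C:\Users\u\Pictures\d.jpg dst=C:\Users\u\Pictures\d.jpg.7f3kq2
ts=2022-05-03T10:11:11 host=WS01 kind=file pid=3311 op=rename src=C:\Users\u\Desktop\e.txt dst=C:\Users\u\Desktop\e.txt.7f3kq2
ts=2022-05-03T10:12:00 host=WS02 kind=proc pid=880 image=C:\Windows\System32\cmd.exe cmd="cmd.exe /c dir"
ts=2022-05-03T10:12:30 host=WS02 kind=file pid=880 op=rename src=C:\Users\v\report.docx dst=C:\Users\v\report_final.docx
"""

# Command-line rules -> ATT&CK technique. The IDs are real ATT&CK identifiers;
# the patterns are this example's assumptions, not the thesis's rule set.
PROC_RULES = [
    ("T1490", "Inhibit System Recovery", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    ("T1490", "Inhibit System Recovery", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    ("T1490", "Inhibit System Recovery", re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("T1489", "Service Stop", re.compile(r"\bnet(1|\.exe)?\s+stop\s+\S+", re.I)),
    ("T1059.001", "PowerShell", re.compile(r"\bpowershell(\.exe)?\b.*\s-e(nc|ncodedcommand)?\s", re.I)),
]
RENAME_THRESHOLD = 5  # assumed: this many extension-changing renames by one pid -> T1486

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value line into a dict; values may be quoted or bare."""
    return {k: (q if q else b) for k, q, b in FIELD_RE.findall(line)}


def ext(path):
    """Lower-cased extension of a Windows path ('' if none)."""
    return ntpath.splitext(path)[1].lower()


def detect(log_text):
    """Map events to ATT&CK techniques per host.
    Returns {host: {technique_id: [evidence string, ...]}}."""
    found = defaultdict(lambda: defaultdict(list))
    renames = defaultdict(int)  # (host, pid) -> extension-changing renames seen
    for line in log_text.strip().splitlines():
        ev = parse_event(line)
        host = ev.get("host", "unknown")
        if ev.get("kind") == "proc":
            cmd = ev.get("cmd", "")
            for tid, name, rx in PROC_RULES:
                if rx.search(cmd):
                    found[host][tid].append(f"{name}: {cmd}")
        elif ev.get("kind") == "file" and ev.get("op") == "rename":
            # Mass renaming to a new extension is the observable side of encryption.
            if ext(ev.get("src", "")) != ext(ev.get("dst", "")):
                key = (host, ev.get("pid"))
                renames[key] += 1
                if renames[key] == RENAME_THRESHOLD:
                    found[host]["T1486"].append(
                        f"Data Encrypted for Impact: pid {key[1]} renamed "
                        f"{RENAME_THRESHOLD} files to extension {ext(ev['dst'])}")
    return {h: dict(t) for h, t in found.items()}


def is_ransomware_like(technique_ids):
    """Assumed decision rule: encryption seen, or recovery inhibition plus
    at least one other mapped technique on the same host."""
    tids = set(technique_ids)
    return "T1486" in tids or ("T1490" in tids and len(tids) >= 2)


if __name__ == "__main__":
    for host, techs in detect(SAMPLE_EVENTS).items():
        verdict = "RANSOMWARE-LIKE" if is_ransomware_like(techs) else "review"
        print(f"{host}: {verdict} {sorted(techs)}")
        for tid, evidence in techs.items():
            for item in evidence:
                print(f"  {tid} {item}")
```

On the constructed input, WS01 is flagged (shadow-copy deletion and recovery disabling under T1490, a service stop under T1489, and five renames to a new extension under T1486), while WS02's single rename that keeps its extension produces no mapping at all. Counting only extension-changing renames per process is what keeps ordinary document edits from tripping the T1486 rule; a real deployment would also need to tune the threshold and window against benign bulk operations such as backup or archive tools.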