Feature Analysis of Ransomware and Construction of an Ontological Model
Abstract
In recent years, the proliferation of networked mobile devices and wireless sensing technologies has created opportunities for integrating the Internet of Things (IoT) with cloud services. IoT devices usually run a stripped-down operating system on which an anti-virus engine cannot be installed, and administrators often fail to keep the operating system updated, so the devices tend to have security vulnerabilities, suffer attacks, serve as pivots for further attacks by hackers, and cause leakage of corporate or personal private information. This study therefore uses a Raspberry Pi to implement an IoT-based network protection system for a smart home. Focusing on the recent ransomware threat, it analyses attack vectors with the Cuckoo sandbox and then applies Formal Concept Analysis (FCA) to construct an ontological model of ransomware. The aim is to establish a computer-virus ontology as a conceptualised, formal abstract model that explicitly defines the relations between viruses and their attack behaviours, serving as a reference for identifying virus classes and variants and thereby strengthening network virus protection and information security management.
The growing popularity of mobile devices enables the development of the Internet of Things (IoT). IoT devices generally run an embedded operating system, cannot fully install anti-virus engines, and their users do not continuously update the operating system. Consequently, system vulnerabilities are prone to attacks and may lead to leakage of private business or personal information. Accordingly, the present study proposes an IoT-based security defence system built on a Raspberry Pi that analyses the attack vectors of ransomware using the Cuckoo malware dynamic-analysis platform. Importantly, an ontology-based method for developing domain ontologies with the Formal Concept Analysis (FCA) technique is proposed. Experimental data show that our model is capable of performing the following tasks: (i) explicitly identifying the relations between ransomware and its malicious behaviour, (ii) categorising ransomware and its variants, and (iii) assisting managers in analysing the security controls for protection against cyber threats.
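As an added worked illustration of the FCA step described in the abstract (this is not code or data from the paper, which publishes neither), the block below builds a constructed formal context of hypothetical ransomware samples against Cuckoo-style behaviour attributes, enumerates every formal concept (extent, intent pair), and places a new sample against the known ones. All sample names and attribute names are assumptions.

```python
"""Formal Concept Analysis over a constructed malware-behaviour context.

Added example, not from the paper. Objects are hypothetical ransomware
samples; attributes are behaviour signatures of the kind a Cuckoo sandbox
report exposes. Every name below is constructed for illustration.
"""
from itertools import combinations

# Constructed formal context: sample -> set of behaviours observed in the sandbox.
CONTEXT = {
    "sample_A": {"encrypts_files", "drops_ransom_note", "deletes_shadow_copies"},
    "sample_B": {"encrypts_files", "drops_ransom_note", "contacts_c2"},
    "sample_C": {"encrypts_files", "deletes_shadow_copies", "contacts_c2"},
    "sample_D": {"contacts_c2"},
}


def intent(objects, context):
    """Attributes shared by every object in the set (the ' derivation operator)."""
    objects = list(objects)
    if not objects:  # the empty extent has every attribute as its intent
        return set().union(*context.values())
    return set.intersection(*(context[o] for o in objects))


def extent(attributes, context):
    """Objects that exhibit every attribute in the set (the dual ' operator)."""
    return {o for o, attrs in context.items() if attributes <= attrs}


def formal_concepts(context):
    """Enumerate all (extent, intent) pairs by closing every attribute subset.

    Brute force over 2^|attributes| subsets is fine for a small context and
    keeps the closure logic explicit; each closed pair is one ontology node.
    """
    attrs = sorted(set().union(*context.values()))
    concepts = set()
    for k in range(len(attrs) + 1):
        for subset in combinations(attrs, k):
            ext = extent(set(subset), context)
            concepts.add((frozenset(ext), frozenset(intent(ext, context))))
    # Largest extents first: the top concept (all samples) comes before leaves.
    return sorted(concepts, key=lambda c: (-len(c[0]), sorted(c[1])))


def classify(sample_attrs, context):
    """Variant lookup: known samples showing all of a new sample's behaviours,
    plus the closed attribute set they share (the concept the sample falls into)."""
    ext = extent(set(sample_attrs), context)
    return ext, intent(ext, context)
```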
Hsiao-Chung Lin, Ping Wang, Wei-Qian Hong, "網路勒索病毒的特徵分析與知識本體模型建構," Communications of the CCISA, vol. 25, no. 2, pp. 37-58, May 2019.
Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C