Class 99 - 林庭弘 (Lin Ting-Hung) - Detecting Malicious Code Behaviour through Reverse Engineering

[ Abstract ]
Over the past few years the number of malicious programs and their destructive capability have grown many times over, and malware has begun to use code obfuscation, encryption and packing to evade the signature-based detection of anti-virus software. Many malware authors now pack their programs precisely to avoid anti-virus detection, so packed malware has become one of the most challenging problems facing anti-virus companies today.
To detect maliciously packed programs, this study proposes using entropy together with other auxiliary features to identify packed programs, and then combines static features with dynamic features to decide whether a packed program is malicious. The experimental results show that the method detects code obfuscation, encryption and packing in real time, and can effectively distinguish benignly packed programs from maliciously packed ones.

[ English Abstract ]
In the past few years, both the number of malicious programs and their destructive capability have grown rapidly. Malware authors have also started to use packing technology, together with encryption and code obfuscation, to avoid detection by anti-virus software. Packing has therefore become a challenging problem for anti-virus companies.
How to detect maliciously packed programs is accordingly an important issue in information security research. This study uses entropy and other auxiliary features to detect packed programs, and further combines static and dynamic features to detect packed programs that are malicious. The results show that packing, encryption and code obfuscation can be detected more efficiently, and that benignly packed programs can be distinguished from maliciously packed programs more reliably.
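Both abstracts refer to an entropy-based static check for packed code. As an added illustration of that check, written for this page and not taken from the thesis's own implementation, the following Python computes Shannon entropy over a whole section and over sliding windows, so that a small encrypted blob inside an otherwise ordinary section is not averaged away. The 7.0 bits-per-byte threshold, the window size and stride, the section names and the sample byte buffers are all assumptions constructed for the example; the thesis does not publish its parameters.

```python
import math
import random
from collections import Counter

# Assumed cut-off for "looks compressed or encrypted"; the thesis does not
# publish its threshold. Ordinary x86 code and text sit well below this,
# while compressed or encrypted data approaches the 8-bit maximum.
PACKED_THRESHOLD = 7.0
WINDOW = 512      # bytes per sliding window (assumed)
STEP = 256        # window stride (assumed)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte, in [0.0, 8.0]."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def windowed_entropy(data: bytes, window: int = WINDOW, step: int = STEP):
    """(offset, entropy) for each sliding window over data.

    A small encrypted or compressed blob embedded in an otherwise ordinary
    section is averaged away by a whole-section figure; per-window
    measurements still expose it.
    """
    if len(data) <= window:
        return [(0, shannon_entropy(data))]
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, step)]


def classify_section(name: str, data: bytes,
                     threshold: float = PACKED_THRESHOLD) -> dict:
    """Static entropy verdict for one section's raw bytes."""
    overall = shannon_entropy(data)
    windows = windowed_entropy(data)
    high = [off for off, e in windows if e >= threshold]
    return {
        "section": name,
        "entropy": round(overall, 3),
        "high_entropy_windows": high,
        "total_windows": len(windows),
        # whole section looks compressed/encrypted: typical of a packed image
        "likely_packed": overall >= threshold,
        # at least one window is high even if the section as a whole is not
        "has_high_entropy_region": bool(high),
    }


# --- constructed sample buffers (not taken from any real binary) -----------

# A typical x86 function prologue/epilogue, repeated: low entropy with many
# repeated opcode bytes, as a real .text section would show.
X86_STUB = bytes.fromhex("558bec83ec108b450833c0c9c3")
CODE_SECTION = X86_STUB * 200

# Seeded PRNG output stands in for an encrypted/compressed packer payload.
_rng = random.Random(1337)
PACKED_SECTION = bytes(_rng.getrandbits(8) for _ in range(4096))

# Plain code followed by a 1 KiB encrypted blob: the whole-section figure
# stays moderate while the sliding window still catches the blob.
MIXED_SECTION = X86_STUB * 100 + bytes(_rng.getrandbits(8) for _ in range(1024))


def scan_all() -> dict:
    """Run the check over the constructed sections, keyed by section name."""
    return {
        name: classify_section(name, data)
        for name, data in (
            (".text", CODE_SECTION),
            ("UPX1", PACKED_SECTION),
            (".data", MIXED_SECTION),
        )
    }


if __name__ == "__main__":
    for verdict in scan_all().values():
        print(verdict)
```

Run stand-alone, the script prints one verdict per constructed section: the repeated x86 stub scores around 3.4 bits per byte with no high-entropy window, the PRNG payload scores above 7.9 with every window over the threshold, and the mixed buffer stays below the threshold overall but still reports the windows covering the trailing blob. Note that entropy says only that a region is compressed or encrypted, not that it is malicious: a legitimate program packed with a commercial or open-source packer produces the same high-entropy sections, which is exactly why the thesis pairs this static feature with other static features and with dynamic behaviour before deciding whether a packed program is malicious.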