Title page for etd-0804118-150656



URN etd-0804118-150656
Author Ze-yu Lin
Author's Email Address Not public.
Statistics This thesis has been viewed 5351 times and downloaded 0 times.
Department Information Management
Year 2017
Semester 2
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Detecting Malicious Behavior of Process Injection
Date of Defense 2018-07-26
Page Count 50
Keywords
  • Convolutional Neural Network
  • Malware
  • Transfer Learning
  • Dynamic Linked Library
  • Process Injection
  • Advanced Persistent Threats

Abstract
Enterprises and government agencies are confronted with the threat of Advanced Persistent Threats (APT), which are characterized by their concealment. APT attacks can evade detection by means of Process Injection and then hide in infected computers.

Process Injection is a technique that can be used to access the resources of another process and to perform privilege escalation by executing code in the memory address space of the target process. Process Injection is widely used to evade detection by security products because the injected code runs inside a legitimate process.

Malware developers widely apply obfuscation techniques to malicious files from the same malware family, resulting in numerous malware variants. The large number of variants not only poses a threat to computer users, but also makes it more difficult for security personnel to analyze malware. In particular, some benign software also uses Process Injection to inject DLL files, making it harder to discriminate malicious files from benign ones.

In this thesis, a malicious DLL classification system combining dynamic analysis, static analysis and machine learning is proposed. The Windows APIs related to Process Injection are summarized and used to identify malware by means of the Windows Hook mechanism. When Process Injection behavior is detected, the system uses the VirusTotal website and a CNN classification system based on the Inception V3 network to determine whether the injected DLL is a malicious file, so as to assist security personnel in subsequent analysis.
Advisory Committee
  • Bo-Chao Cheng - chair
  • Yu-Chen Hu - co-chair
  • Chun-I Fan - co-chair
  • Gu-Hsin Lai - co-chair
  • Chia-Mei Chen - advisor

Files
  • etd-0804118-150656.pdf
Access Restriction In-campus access at 5 years and off-campus access at 5 years.
Date of Submission 2018-09-04
