박재우, Sungkyunkwan University Graduate School, 2017, domestic master's thesis
This paper revisits the shellcode embedding problem for PDF files. We found that a popularly used shellcode embedding technique called the reverse mimicry attack has not been shown to be effective against well-trained state-of-the-art detectors. To overcome the limitation of the reverse mimicry method against existing shellcode detectors, we extend the idea of the reverse mimicry attack to a more generalized one by applying the -depth mimicry method to PDF files. We implement a proof-of-concept tool for the -depth mimicry attack and show its feasibility by generating shellcode-embedded PDF files to evade the best known shellcode detector (PDFrate) with three classifiers. The experimental results show that all tested classifiers failed to effectively detect the shellcode embedded by the -depth mimicry method when ≧ 20. As a countermeasure to our -depth mimicry attack, we propose a novel PDF parser toolkit that examines suspicious PDF documents from different aspects by performing object-by-object analysis. We implement the toolkit, named ‘PDF Antagonist’, and demonstrate its effectiveness.