국립중앙도서관 "우편 복사 서비스"로 연결 됩니다.
This paper revisits the shellcode embedding problem for PDF files. We found that a popularly used shellcode embedding technique called reverse mimicry attack has not been shown to be effective against well-trained state-of-the-art detectors. To overco...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
κ-Depth Mimicry Attack to Secretly Embed Shellcode into PDF Files and the Evaluation and the Countermeasure
한글로보기https://www.riss.kr/link?id=T14574732
- 저자
-
발행사항
서울 : 성균관대학교 일반대학원, 2017
-
학위논문사항
Thesis(Master) -- 성균관대학교 일반대학원 , 소프트웨어플랫폼학과
-
발행연도
2017
-
작성언어
영어
-
주제어
Security ; Malware ; PDF ; Shellcode ; Mimicry Attack
-
발행국(도시)
대한민국
-
형태사항
45 ; 26 cm
-
일반주기명
지도교수: 김형식
-
소장기관
- 성균관대학교 중앙학술정보관
- 성균관대학교 중앙학술정보관
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
This paper revisits the shellcode embedding problem for PDF files. We found that a popularly used shellcode embedding technique called reverse mimicry attack has not been shown to be effective against well-trained state-of-the-art detectors. To overcome the limitation of the reverse mimicry method against existing shellcode detectors, we extend the idea of reverse mimicry attack to a more generalized one by applying the ��-depth mimicry method to PDF files. We implement a proof-of-concept tool for the ��-depth mimicry attack and show its feasibility by generating shellcode-embedded PDF files to evade the best known shellcode detector (PDFrate) with three classifiers. The experimental results show that all tested classifiers failed to effectively detect the shellcode embedded by the ��-depth mimicry method when �� ≧ 20. As the countermeasure of our ��-depth mimicry attack, we propose a novel PDF parser toolkit to approach a suspicious PDF document files from different aspects, functioning object-by-object analysis. We implement the toolkit named ‘PDF Antagonist’ as the result, and demonstrate the effectiveness.
목차 (Table of Contents)
- ABSTRACT
- 1 Introduction
- 1-1 Overview
- 1-2 Contributions
- ABSTRACT
- 1 Introduction
- 1-1 Overview
- 1-2 Contributions
- 1-3 Organization of the Paper
- 2 Background
- 2-1 Object, categorized by Types
- 2-2 File Structure
- 2-3 Document Structure
- 2-4 Common Shellcode Types
- 3 Related Work
- 3-1 Malicious PDF Detection Techniques
- 3-2 Evasion of Malicious PDF Detection Techniques
- 4 K-Depth Mimicry Attack
- 5 Experiments
- 5-1 Evaluation of ��-depth Mimicry based on Commonplace Object Dictionary
- 5-2 Evaluation of ��-depth Mimicry based on Self-built Objects Dictionary
- 5-3 Comparison to Evaluation Result
- 6 Countermeasure
- 7 Conclusion
- References
- 논문요약(국문초록)
분석정보
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
