The Study on Developing Linux Virus and Worm Knowledge and Its Management


Bibliographic Details
Main Authors: En-Chao Hsu, 許恩召
Other Authors: Chong-Yen Lee
Format: Others
Language: zh-TW
Published: 2006
Online Access: http://ndltd.ncl.edu.tw/handle/53694424438557917478
id ndltd-TW-094PCCU0396027
record_format oai_dc
spelling ndltd-TW-094PCCU03960272016-06-01T04:14:19Z http://ndltd.ncl.edu.tw/handle/53694424438557917478 The Study on Developing Linux Virus and Worm Knowledge and Its Management Linux病毒與蠕蟲的知識建構及管理 En-Chao Hsu 許恩召 碩士 中國文化大學 資訊管理研究所 94 Chong-Yen Lee 李中彥 2006 學位論文 ; thesis 77 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === Chinese Culture University === Graduate Institute of Information Management === 94 === Rapid development of technology and the internet causes the behaviors of viruses and worms to vary from time to time. At present there is no efficient method that can both effectively detect viruses and/or worms and prevent the damage they cause. Virus and/or worm programs, just like ordinary programs, consist of many instructions, and all the instructions in a given program are executed in sequence. The major difference between virus and/or worm programs and ordinary programs is that the behaviors of instructions in virus and/or worm programs can harm the host system, whereas the behaviors of instructions in ordinary programs will not. Linux is an open system; unlike in a closed system, virus and/or worm programs can easily be created, and metamorphic virus and/or worm programs can also be easily developed. In this research, 63 networked Linux virus and/or worm programs are collected and analyzed to explore the behaviors of viruses and worms. Knowledge of virus and/or worm behaviors is used to develop a knowledge base that can be applied to detect networked virus and/or worm programs. There are three steps to develop the knowledge base. The first is a reverse engineering step, which disassembles virus and/or worm programs and discovers all instruction codes and their execution sequences. The second step builds behavior segments by analyzing the instruction codes from the first step. The third step generates virus and/or worm cases and develops the knowledge base. The case-based reasoning technique, along with the knowledge base, is applied to detect virus and/or worm programs. In order to prove the efficiency of the method, a set of 20 virus and/or worm programs and a set of 10 ordinary programs are employed. The outcome is quite convincing. The approach presented in this research can reduce the quantity of virus and/or data compared with other traditional methods. The self-learning method allows the knowledge base to be enhanced from time to time.