On the Design and Implementation of Advanced Prevention Engine against Spyware/Adware

• Main Authors: Yunc-Chang Chang, 張雍昌
• Other Authors: Nen-Fu Huang
• Format: Others
• Language: zh-TW
• Published: 2005
• Online Access: http://ndltd.ncl.edu.tw/handle/41268843575929432492

碩士 === 國立清華大學 === 通訊工程研究所 === 93 === Spyware is a generic term used to identify programs that monitor a computer user’s activities, harvest private data, change a host’s system configurations, deliver unsolicited pop-up advertisements, and often, transmit the stolen information to a designated third party. After viruses and spam, most IT managers and administrators consider spyware as the top network security threat in the future. Based on the location where traditional prevention engines fight against spyware, they can be classified into two types – host-based and network-based. It is critical for a prevention engine to get rid of spyware in the first place. Therefore, we adopt a network-based model that can block spyware/adware in a real-time manner as our prevention engine’s main resource. In this thesis, we construct a framework and depict packet flows through which both incoming and outgoing traffic are filtered to detect malicious spyware. Also, traditional network-based prevention engines incur performance bottlenecks and coverage limitations. In our design, we combine the characteristics of spyware with the advantages of a content-aware switch to improve performance. An extensible software algorithm is incorporated to keep up with the growth of spyware.