Implementing a Malware Blocker (實作一個惡意程式阻斷器)

Bibliographic Details
Main Authors: Chang, Ching-Ling (張沁琳)
Other Authors: 許博學
Format: Others
Language: zh-TW (Traditional Chinese)
Published: 2010
Online Access: http://ndltd.ncl.edu.tw/handle/32064753145255834571
Description
Summary: Master's thesis, Cheng Shiu University (正修科技大學), Institute of Electronic Engineering (電子工程研究所), academic year 98 (ROC calendar).

The popularity of the Internet has made life more convenient, but it has also created serious information-security problems. The crisis is driven mainly by automated malware tools that evolve rapidly and spread widely. Polymorphic malware is produced far faster than virus signatures can be written, so signature-based anti-virus applications struggle to keep up. IT professionals may deploy behaviour-based detection, for example a Host Intrusion Prevention System (HIPS), to raise the level of protection, but HIPS still suffers from false alarms, complicated rules and heavy resource consumption, which makes it hard to popularize.

This thesis designs a new information-security application, the Malware Blocker (MB), around two ideas: "malware must-do behaviour" and "time-discrimination". "Malware must-do behaviour" refers to autostart registration, which the thesis takes as the step every piece of malware performs in order to keep its hold on the compromised computer. When MB intercepts an autostart registration, it shows a warning dialog naming the program responsible. If the user is not installing that program at that moment (this is the "time-discrimination"), the user can simply click "No"; MB then cancels the autostart registration, and a reboot prevents the computer from being taken over by the malware. The claim that autostart registration is a must-do behaviour of malware is drawn from the virus-analysis reports published by anti-virus vendors.

Experiments show that MB achieves a 95% detection rate on unknown viruses. Overall, MB offers a high detection rate, a low false-alarm rate, a simple interface, low resource consumption, and is free of charge. Popularizing MB on PCs can improve information security and help maintain a healthy network environment by reducing the impact of botnets.
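The following is an added example, not code from the thesis or from MB itself. It models the two ideas in the abstract in the simplest checkable form: the "must-do behaviour" as a comparison of the Windows Run keys against a baseline snapshot (MB intercepts the registration as it happens, which this example does not do), and "time-discrimination" as a yes/no prompt, represented by a callback, that is answered "keep" only when the user says they are installing that program right now. The list of registry keys tracked, the `RUN_KEYS`, `read_run_keys`, `diff_autostart`, `decide`, `cancel_registration` and `review` names, and the two sample snapshots are all assumptions constructed for the example; the thesis does not say which keys MB hooks.

```python
import platform
from dataclasses import dataclass

# Autostart locations tracked here (an assumption: the thesis does not list
# which keys MB hooks). Format: (hive, subkey path).
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]


@dataclass(frozen=True)
class AutostartChange:
    """One autostart registration that differs from the baseline."""
    location: str  # "HIVE\\subkey" the value lives under
    name: str      # registry value name
    command: str   # command line that would run at logon
    kind: str      # "added" or "modified"


def read_run_keys():
    """Snapshot the Run keys on a live Windows host as {location: {name: command}}.
    On other platforms returns {} so the diff/review logic can still be exercised."""
    if platform.system() != "Windows":
        return {}
    import winreg  # Windows-only module
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snapshot = {}
    for hive, path in RUN_KEYS:
        entries = {}
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values under this key
                        break
                    entries[name] = str(value)
                    index += 1
        except OSError:
            pass  # key absent or unreadable: treat as empty
        snapshot[f"{hive}\\{path}"] = entries
    return snapshot


def diff_autostart(baseline, current):
    """Registrations in `current` that are new or changed since `baseline`.
    Removed entries are ignored: MB keys on *registering* for autostart."""
    changes = []
    for location, entries in current.items():
        known = baseline.get(location, {})
        for name, command in entries.items():
            if name not in known:
                changes.append(AutostartChange(location, name, command, "added"))
            elif known[name] != command:
                changes.append(AutostartChange(location, name, command, "modified"))
    return changes


def decide(change, user_is_installing):
    """Time-discrimination: keep the entry only if the user is installing that program now."""
    return "keep" if user_is_installing else "revert"


def cancel_registration(snapshot, baseline, change):
    """Undo one registration on a copy: drop an added value, restore a modified one."""
    cleaned = {loc: dict(entries) for loc, entries in snapshot.items()}
    if change.kind == "added":
        cleaned[change.location].pop(change.name, None)
    else:
        cleaned[change.location][change.name] = baseline[change.location][change.name]
    return cleaned


def review(baseline, current, ask):
    """Call ask(change) -> bool for each new/changed registration and cancel the ones
    the user did not expect. Returns (cleaned snapshot, list of reverted changes)."""
    snapshot, reverted = current, []
    for change in diff_autostart(baseline, current):
        if decide(change, ask(change)) == "revert":
            snapshot = cancel_registration(snapshot, baseline, change)
            reverted.append(change)
    return snapshot, reverted


# Constructed sample snapshots (not from any real host or from the thesis).
HKCU_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
HKLM_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_BASELINE = {
    HKCU_RUN: {"OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
    HKLM_RUN: {"SecurityHealth": r"C:\Windows\System32\SecurityHealthSystray.exe"},
}
SAMPLE_CURRENT = {
    HKCU_RUN: dict(SAMPLE_BASELINE[HKCU_RUN], WindowsUpdateHelper=r"C:\Users\Public\update.exe"),  # new entry
    HKLM_RUN: {"SecurityHealth": r"C:\Users\Public\svch0st.exe"},  # existing entry hijacked
}

if __name__ == "__main__":
    def ask(change):
        print(f"[{change.kind}] {change.location}\\{change.name} -> {change.command}")
        return input("Are you installing this program right now? [y/N] ").strip().lower() == "y"

    _, reverted = review(SAMPLE_BASELINE, SAMPLE_CURRENT, ask)
    print(f"cancelled {len(reverted)} autostart registration(s); reboot to apply")
```

Run as a script it walks the constructed sample and prompts for each of the two changes; on a Windows host `read_run_keys()` can supply the live snapshot in place of `SAMPLE_CURRENT`. Note that the diff deliberately ignores removed entries, since the behaviour the thesis keys on is registering for autostart, and that a snapshot comparison only catches a registration after the fact, whereas the abstract describes MB intercepting it at the moment it happens.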