Security Forensics and Countermeasures against Malicious-Program Intrusion: The Case of the Trojan Horse


Security Forensics and Empirical Strategies for Preventing the Intrusion of Trojan Horses


王旭正

Graduate Institute of Information Management, Central Police University

sjwang@sun4.cpu.edu.tw


高大宇

Ninth Investigation Brigade, Criminal Investigation Bureau

dayu@email.cib.gov.tw


Abstract (translated from the Chinese)

Windows-based Trojan Horses have recently spread rapidly and pose a real security threat to computer users. To help users block external intrusions, adopt appropriate countermeasures in time and reduce the damage suffered by the attacked party, we collected related Trojan Horse programs and ran simulation experiments on them, so as to respond to the behaviour of malicious programs used in networked information crime. This paper attempts to interpret the operating characteristics and actual content of Windows-based Trojan Horses, extract their more prominent attack features, and, by examining the implementation details of how these programs infect a system, identify the protective measures that apply before, during and after an attack. These are summarised into a common standard security checklist that can serve as the main basis for recognising new malicious Trojan Horses in the future. In addition, by observing the connection purposes of the relevant application programs and communication ports, abnormal states can be recognised in advance as signs of intrusion, so that suspicious intrusion events can be blocked; on this basis we develop methods for improving tracing and pursuit skills and for handling related cases effectively.


Abstract

In recent years, Trojan horse programs for the Windows platform have been emerging in Internet applications. Programs of this kind are malicious and put networked computer usage at risk. In this paper we propose strategies to curb and lessen the impact when the working programs of a computer are infected by a Trojan horse. Our conclusions are drawn from a sequence of experimental results: we analyse the execution of the Trojan and the aftermath of infection on a Windows PC, and in the course of these experiments a number of remarkable characteristics of a running Trojan are identified. Accordingly, security criterion tables are summarised to predict, detect and deter the possible threats in the three periods before, during and after an incident. Besides, the relevant application programs and the network communication ports opened to user connections are also investigated, so that feasible mechanisms to withstand attacks from this kind of malicious program can be kept track of. These explorations will aid the investigation and seizure of computer crime caused by malicious programs.

Keywords: computer hackers, computer security, malicious programs, Trojan Horse, security forensics