以資訊隱藏為基礎之惡意程式攻擊技術

劉江龍 (Chiang-Lung Liu) 、婁德權 (Der-Chyuan Lou) 、江天賜 (Tien-Tzu Chiang) 、李建中 (Chien-Chung Lee) 、曾馭 (Yu Tseng)

國防大學 理工學院

Chung Cheng Institute of Technology, National Defense University


摘要

    網際網路的普及使得緩衝區溢位攻擊成為駭客最喜歡的攻擊技術之一,也成為目前資訊安全領域中十分重視的問題。資訊隱藏技術可以將秘密訊息隱藏在一般的數位影像、聲音或動態影像內,以躲避人類感官的察覺。有報導顯示,已有惡意的緩衝區溢位程式隱藏在圖檔內以躲避防毒軟體的偵測。本文即在研究及實作一種以資訊隱藏為基礎的緩衝區溢位攻擊技術。首先將可產生緩衝區溢位攻擊的程式碼嵌入至掩護圖檔之中,再利用模擬的影像處理程式萃取隱藏在掩護圖檔內的惡意程式碼,並進行緩衝溢位攻擊。實驗結果顯示,本文提出的以資訊隱藏為基礎的緩衝區溢位攻擊技術可以有效躲避人類視覺系統及防毒軟體的偵測,同時可以有效發動緩衝區溢位攻擊。本研究可作為資訊安全學界及業界進一步研究預防此類型攻擊之參考。

關鍵字 :緩衝區溢位攻擊、資訊隱藏、藏密學、惡意程式

 

Abstract

Because of the popularization of the Internet, the buffer overflow attack has become one of the favorite attacks of hackers and the most concern in the information security field.

Steganography can hide the secret information in digital images, audios or videos to avoid the detection of the human sensory system. Therefore, it is reported that there has been malicious buffer overflow code embedded in the digital images to avoid the detection of anti-virus systems. This paper is to study and realize an information hiding-based buffer overflow attack. First, the malicious code which can result in a buffer overflow attack is embedded in a cover image. A simulative image processing program is then used to extract the embedded malicious code and perform the buffer overflow attack.

Experimental results show that the proposed information hiding-based buffer overflow attack can effectively avoid both the detection of human visual system and various antivirus systems. Moreover, the proposed attack can also effectively launch a certain buffer overflow attack. The achievement of this study can be referred when developing prevention methods of such an attack.

Keywords: buffer overflow attack, information hiding, steganography, malicious code.