    Please use this permanent URL to cite or link to this document: https://tkuir.lib.tku.edu.tw/dspace/handle/987654321/34189


    Title: A Study of Campus Malicious Code Trend Analysis and Real-Time Monitoring: The Case of Tamkang University
    Other title: A survey of malicious code trend analysis and real time monitoring for campus : a case study of Tamkang university
    Author: Sun, Pei-ju (孫珮如)
    Contributors: Master's Program, Department of Information Management, Tamkang University
    Hwang, Ming-dar (黃明達)
    Keywords: Malicious Code; Virus; Trend Analysis; Real-time monitoring
    Date: 2009
    Upload time: 2010-01-11 05:00:51 (UTC+8)
    Abstract: Symantec's "Global Internet Security Threat Report" for the second half of 2007 indicated that new malicious code in 2007 grew 4.68 times compared with 2006, totaling 711,912. Although current information security equipment provides log files that administrators can query, at the rate at which malicious code is now produced, after-the-fact tracing often comes only once a gap in information security protection has already been created. This study therefore collected the log files of Tamkang University's Symantec antivirus server, analyzed malicious code trends on campus, and used the ArcSight security operations center (SOC) system to build a real-time monitoring dashboard for tracking malicious code infection behavior on campus.
    The study found that the malicious code that actually infected host computers came mainly from the following: improper Internet use by users, accounting for 82.67%; malicious code appearing so fast that antivirus vendors had not yet produced the corresponding virus definitions, accounting for 17.33%; and host computers that were running Symantec antivirus software but had not automatically updated their virus definitions, accounting for 0%. Among the virus definitions created by Symantec in 2007, 12.3% of new malicious code had no corresponding definition, while 25.76% of the malicious code that actually infected Tamkang University in 2008 came from new malicious code. Abnormal increases in the amount of malicious code came mainly from continued infection of the same host, with Trojan horses as the leading source.
    Finally, combined with the real-time malicious code monitoring platform that was built, administrators can accurately track the use of campus computers, including the daily amount of malicious code, the current infection status of hosts, and a ranking of the malicious code that infects most often. The aim is to understand campus malicious code trends and to provide a monitoring platform with which administrators can keep track of the current state of malicious code infection on campus host computers.
    Appears in collections: [Department and Graduate Institute of Information Management] Theses and Dissertations
