Analysis of Malicious Code Analysis Technology Based on Behavior Association
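Abstract

With the rapid development of Internet technology, people enjoy the convenience of the network, but all kinds of network security problems follow at the same time. Among the many network security problems, malicious code is undoubtedly the biggest threat. It is a focus of network security research, so many methods of malicious code research have been proposed.

In this paper, we analyze the existing malicious code analysis technology and detection methods in detail, and propose a malicious code analysis technology based on behavior association. We focus on the abstract description of malicious code behavior, intending to clarify the relationship between behaviors rather than considering the maliciousness of a single behavior. The purpose is to comprehensively analyze malicious code behavior and reduce the misjudgment of malicious code.

We extract the behavior points of malicious code through API (Application Programming Interface) monitoring technology and use five-tuples to abstract the behavior points, then use the data dependence of behaviors to establish a relationship between behaviors, represented as an association graph. On the basis of the association, we propose a judgment method based on pushdown automata.

We design a malicious code detection prototype system containing three layers: the monitoring layer, the organization layer, and the judgment layer. We use malicious code samples from our lab to analyze the detection prototype system. The experimental results show that the prototype system can describe the behavior of the malicious code well, and can successfully identify malicious behavior in the program.

Keywords: Malicious code, Behavior monitor, Behavior association, Pushdown automaton

Contents

Abstract (Chinese)
Abstract (English)
1 Introduction
1.1 Background and significance of the research
1.2 Research status at home and abroad
1.3 Main research content
1.4 Organization of the thesis
2 Malicious code classification and detection techniques
2.1 Classification of malicious code
2.2 Malicious code detection techniques
2.3 Chapter summary
3 Malicious code detection model based on behavior association
3.1 Definition of associated behavior
3.2 Construction of associated behavior
3.3 Malicious judgment of associated behavior
3.4 Chapter summary
4 Design of the malicious code detection system based on behavior association
4.1 Overall design
4.2 Monitoring layer design
4.3 Organization layer design
4.4 Judgment layer design
4.5 Chapter summary
5 Experiments and result analysis
5.1 Test environment
5.2 Testing of the detection model
5.3 Chapter summary
6 Summary and outlook
6.1 Summary
6.2 Research outlook
Acknowledgements
References

1 Introduction

1.1 Background and significance of the research

With the rapid development of computer technology, computers have reached every aspect of people's lives. The openness and flexibility of computers bring convenience, but they also bring a range of security problems. Losses caused by viruses, Trojans, botnets and other malware across all sectors of society are now common, and malicious code has become one of the main factors threatening Internet security. According to the analysis in the 2012 China Internet Network Security Report [1] by the National Internet Emergency Center (CNCERT), 2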
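The first two steps named in the abstract (abstracting monitored API calls into five-tuple behavior points, then linking them by data dependence into an association graph) are shown below as an added Python example that is not taken from the thesis. The five-tuple field layout, the trace, and the handle and buffer names are assumptions constructed for illustration, since the page does not define them.

```python
from collections import namedtuple

# Assumed five-tuple layout (the page does not list the fields):
# sequence number, process id, API name, values consumed, values produced.
BehaviorPoint = namedtuple("BehaviorPoint", "seq pid api inputs outputs")

# Constructed trace of monitored API calls; handles and paths are made up.
TRACE = [
    BehaviorPoint(1, 4242, "CreateFileW", ("C:\\docs\\report.txt",), ("h1",)),
    BehaviorPoint(2, 4242, "ReadFile", ("h1",), ("buf1",)),
    BehaviorPoint(3, 4242, "GetSystemTime", (), ("t1",)),
    BehaviorPoint(4, 4242, "socket", (), ("s1",)),
    BehaviorPoint(5, 4242, "send", ("s1", "buf1"), ()),
    BehaviorPoint(6, 4242, "CloseHandle", ("h1",), ()),
]

def build_association_graph(trace):
    """Return edges (producer_seq, consumer_seq, value) for data dependences."""
    last_producer = {}  # (pid, value) -> seq of the call that produced it
    edges = []
    for bp in sorted(trace, key=lambda b: b.seq):
        for value in bp.inputs:
            src = last_producer.get((bp.pid, value))
            if src is not None:
                edges.append((src, bp.seq, value))
        for value in bp.outputs:
            # A reused handle name is rebound to its most recent producer.
            last_producer[(bp.pid, value)] = bp.seq
    return edges

def associated_groups(trace, edges):
    """Group API names into sets connected by data dependence (union-find)."""
    parent = {bp.seq: bp.seq for bp in trace}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    for src, dst, _ in edges:
        parent[find(dst)] = find(src)
    groups = {}
    for bp in trace:
        groups.setdefault(find(bp.seq), []).append(bp.api)
    return sorted(groups.values(), key=len, reverse=True)

if __name__ == "__main__":
    for group in associated_groups(TRACE, build_association_graph(TRACE)):
        print(", ".join(group))
```

In this trace no single call is suspicious on its own; the file read and the network send become one associated behavior only because `buf1` flows from one to the other, while `GetSystemTime` stays unrelated.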