摘要
针对恶意程序对计算机用户造成的危害以及其数量上的快速增长,提出了一种基于文件网络通信行为数据的检测系统。重点介绍了基于差异对比法的可疑通信行为检测模型,给出了系统各模块协同工作流程图以及系统中关键技术的实现代码。测试结果表明,该系统具备通信检测、通信进程检测和域名信息检测功能。
In allusion to the damage of baleful program for computer users and its fast growth in quantity, a detection system based on network communication behavior data of one program was proposed. A detection model of suspicious communication behavior based on difference contrast was emphasized. The cooperative work diagram of each module of the system and program code of critical technology of the system were given. The test result shows that the system can detect network communication, communication process and domain name for one program.
出处
《计算机应用》
CSCD
北大核心
2010年第1期210-212,216,共4页
journal of Computer Applications
关键词
恶意程序
网络驱动
通信检测
服务提供者接口
baleful program
network driver
communication detection
Service Provider Interface (SPI)
