
Malicious code detection technique based on behavior analysis and signatures (cited by: 10)

Technique of detecting malicious executables via behavioral and binary signatures

Abstract: This paper proposes a new malicious code detection technique that can automatically detect and contain (unknown) malicious code, and implements a prototype system. First, a support vector machine is used to build a classifier over the behavior of malicious code samples, which decides whether a sample is malicious; at the same time, a signature is extracted from each malicious sample. An agent running on the host uses these signatures to recognize malicious code and block its execution. To analyze program behavior precisely, programs are run inside a virtual machine. Experimental results show that, compared with naive Bayes and decision trees, the system has lower false positive and false negative rates, and the distributed system architecture speeds up containment.

Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University core journal, 2011, No. 3, pp. 1127-1129 (3 pages)

Funding: National Natural Science Foundation of China (60673024); National Defense "Eleventh Five-Year" Pre-research Foundation (102060206 402040202)

Keywords: malicious code; behavioral analysis; binary signatures; virtual machine (malware, behavioral analysis, binary signatures, virtual environment)