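Abstract
Malware detection is an important topic in information security research, and detection based on program behavior characteristics can make up for many shortcomings of binary signature detection. Model checking can verify properties of a program's operational behavior; it requires modeling the target program to obtain a transition system that conforms to a Kripke structure. Based on a study and analysis of model checking and Kripke structures, a method for generating a Kripke transition system is proposed, which is based on complete control flow information and adopts a greedy normalization (贪婪归一) strategy. Testing and analysis show that the transition system generated by this method can completely describe the control flow information and can also precisely characterize changes in system state.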
Malware detection is an important part of information security technology. Detection based on program behavior characteristics can remedy the limits of the binary signature detection method. Model checking technology can verify a program's specific behavior property, which requires a model of the target program in order to obtain a transition system that conforms to a Kripke structure. Current model checking technology and the Kripke structure were thoroughly analyzed, and then a method of generating a Kripke structure was proposed, which is based on the full control flow information and a greedy strategy. The generated transition system can fully represent the control flow information and describe the changes of the target system's status.
Source
《计算机科学》 (Computer Science)
CSCD
Peking University Core Journals (北大核心)
2012, Issue 6, pp. 93-97 (5 pages)
Funding
Supported by the National 863 Program (2009AA01Z434)