摘要
针对主动防御技术检测准确率不高的问题,提出了一种基于运动轨迹分析的启发式木马检测系统。提出了两种典型的木马运动轨迹,利用运动轨迹上的行为数据,结合判定规则与算法,实现对可疑文件危险等级的检测。实验结果表明,该系统检测未知木马性能优于传统方法,并且能够检测一些特殊木马。
Concerning of the low accurate rate of active defense technology, a heuristic detection system of Trojan based on the analysis of trajectory was proposed. Two kinds of typical Trojan trajectories were presented, and by using the behavioral data on Trojan trajectory the danger level of the suspicious file was detected with the decision rules and algorithm. The experimental results show that the performance of detecting unknown Trojan of this system is better than that of the traditional method, and some special Trojans can also be detected.
出处
《计算机应用》
CSCD
北大核心
2015年第3期756-760,共5页
journal of Computer Applications
基金
四川省教育厅项目(08ZA043)
关键词
主动防御
虚拟机
运动轨迹
文件捆绑
隐藏进程
active defense
Virtual Machine (VM)
trajectory
file binding
hidden process
