摘要
随着新一代网络技术的不断发展,针对工业控制网络的高级恶意软件大量出现,使以智能电网为代表的工业信息系统面临着巨大的信息安全威胁。目前主流的恶意软件检测技术主要是沙箱技术,其原理是在漏洞利用阶段之后,对恶意软件的行为进行分析。但是随着网络攻击技术的不断发展,高级恶意软件通过多态和变形技术掩饰自己的恶意行为。为了抵御智能电网中的高级恶意软件攻击,文章设计了一种基于虚拟执行技术的高级恶意软件攻击在线检测系统,在传统静态检测的基础上,增加了动态检测引擎。动态检测采用和传统的沙箱检测不同的虚拟执行技术,通过系统调用跟踪来分析软件的行为特征,深入观察分析内存和指令属性的变化,有效规避了高级恶意软件漏洞利用后的逃避行为,在漏洞利用阶段发现高级恶意软件攻击。实验表明,在线检测系统能够有效避免智能电网遭受高级恶意软件的攻击。
The current mainstream of malware detection technologies includes sandbox technologies which are mainly based on malware behavior analysis. However, with the continuous development of network attack techniques, advanced malware technology will hide their malicious behavior through multi-state and deformation. In order to protect the information security of the smart grid, this paper presents an advanced online malware detection system based on virtual execution technology. The detection system increases a dynamic detection engine as well as in support of the traditional static test. Dynamic detection engine can detect advanced malware attacks through observation and analysis the changes of instruction and memory properties in depth using a virtual execution technology which is different from the traditional sandbox detection. Smart grid can effectively avoid suffering from advanced malware attacks if the online testing system is used in smart grid.
出处
《信息网络安全》
2016年第1期29-33,共5页
Netinfo Security
