Abstract
A lightweight threat awareness system that combines host-side capture with cloud-side analysis is proposed. The system captures sensitive behavior logs on the host and then analyzes them in the cloud. Its advantages are that behavior capture is imperceptible to the user and the complex analysis is moved to the cloud, so the system obtains process-level host behavior information without placing significant performance pressure on the host, while also enabling cross-host correlation analysis in the cloud. The system has been deployed on 1.7636×10^4 client hosts; in actual operation it detected 114 previously unknown malicious programs that current commercial antivirus software had not flagged, showing good detection performance against unknown malware while effectively reducing the per-analyst sample analysis load and significantly improving manual analysis efficiency.
Source
Journal of Huazhong University of Science and Technology (Natural Science Edition) (华中科技大学学报(自然科学版))
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2016, Issue 3, pp. 17-21, 27 (6 pages)
Funding
National Natural Science Foundation of China (61202387, 61373168, 61202385)
China Postdoctoral Science Foundation (2012M510641)
Specialized Research Fund for the Doctoral Program of Higher Education (20120141110002)
Wuhan Youth Chenguang Program of Science and Technology (201271031367)
Keywords
malware
process behavior
correlation analysis
cloud analysis
anomaly detection
threat perception