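Abstract
In response to the proliferation of malware on mobile terminals, a mobile honey pot (MHP) technique is proposed to lure, capture and analyze malware. MHP comprises three core modules: the environment deception module constructs deceptive security resources; the malicious behavior capture module captures malicious behavior by listening on communication ports, scanning system memory and identifying sensitive permissions; and the malicious data analysis module analyzes the captured data to identify and locate the type and root cause of security threats. The results show that MHP can effectively capture and identify malicious behavior and is suitable for deployment on mobile terminals.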
Aiming at the increasing attacks to intelligent mobile terminals, MHP (mobile honeypot) is proposed to decoy, capture and analyze malware. MHP contains three kernel modules: the decoy module creates a fraudulent environment, the malicious behavior capture module catches malicious behaviors through monitoring communication ports, scanning system memory and identifying sensitive permissions, and the malicious data analyzing module identifies the types of security threats. Results show that MHP can capture malicious behavior effectively and is suitable for deploying on mobile terminals.
Authors
谢丽霞
王冲
XIE Lixia, WANG Chong (College of Computer Science and Technology, CAUC, Tianjin 300300, China)
Source
《中国民航大学学报》
CAS
2016, Issue 5, pp. 45-50 (6 pages)
Journal of Civil Aviation University of China
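Funding
National Science and Technology Major Project (2012ZX03002002)
National Natural Science Foundation of China (60776807, 61179045)
Tianjin Science and Technology Program Key Project (09JCZDJC16800)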
Keywords
malicious behavior
mobile honeypot
deceptive environment
behavior capture
malicious behavior
mobile honeypot
fraudulent environment
behaviors intercept