Abstract
Attacks against Internet servers often exploit unknown vulnerabilities in programs, and attack techniques are constantly updated, so updates to defensive technology often lag far behind the attacks themselves. This paper proposes a network data detection method that combines static and dynamic analysis: it optimizes the detection algorithm on the basis of traditional static analysis and introduces detection by dynamic simulated execution. The combined static and dynamic detection improves the recognition rate for malicious code, and it can detect and determine that code is malicious before the code is passed to the actual protected program for execution. This enables fast, automated updating of the defense system's policy, shortens policy update time, and improves the defensive effect. Based on this technique, an N-A detecting (network data detection) defense system was implemented. Experiments show that the system defends well against malicious code attacks on network programs.
Authors
Deng Zhaokun (邓兆琨)
Lu Yuliang (陆余良)
Huang Zhao (黄钊)
National University of Defense Technology, Hefei 230037, China
Source
Application Research of Computers (《计算机应用研究》)
CSCD
Peking University Core Journal (北大核心)
2019, No. 7, pp. 2159-2163 (5 pages)
Funding
National Key R&D Program of China, Key Special Project (2017YFB0802905)