恶意软件攻击行为的时序逻辑建模分析

Temporal Logic Modeling and Analysis of Malware Attack Behavior

恶意软件会对虚拟环境产生威胁,破坏网络正常运行,为了健全网络安全防护机制,提出恶意软件攻击行为的时序逻辑建模分析。分析了多种软件攻击,包括探测攻击、解码攻击、协议漏洞等手段,结合隐匿身份、信息采集、攻击操作、消除痕迹等攻击流程,构建基于Petri网的攻击行为模型;通过状态和状态变迁建立时序逻辑标准形式,引入变量、状态与异常等假设改进时序逻辑,获得时序逻辑标准公式;定义约束、区间与时间,确定语法形式,建立时序逻辑需满足的关系,完成恶意软件攻击行为的时序逻辑模型构建。仿真结果证明,上述模型可以有效分析出恶意攻击行为发生的时间,提高攻击检测的决策率与检出率。

Malware will threaten the virtual environment and destroy the normal operation of the network. In order to improve the network security protection mechanism, this paper proposes a method for temporal logic modeling and analysis of malware attack behavior. This paper analyzed the software attacks, including detection attacks, decoding attacks, protocol vulnerabilities and other means. Combined with the attack process of hiding identity, information collection, attack operation and eliminating traces, an attack behavior model based on Petri net was constructed, the temporal logic standard form was established through the state and state transition, and improves the temporal logic was improved by introducing the assumptions of variables, states and exceptions, so as to obtain the temporal logic standard formula. Nest, the constraints, interval and time were established, the syntax form was determined, the relationship that temporal logic needs to meet was built up, and the construction of temporal logic model of malware attack behavior was completed. Simulation results show that the model can effectively analyze the time of malicious attacks and improve the decision-making rate and detection rate of attack detection.