Abstract
As the Internet has grown, malware has become a major threat to network security. The Java memory shell (内存马) is a memory-resident form of malware that is not only highly covert and easy to propagate, but can also abuse advanced Java features to carry out more complex attacks, which makes it a greater threat. This paper proposes a YARA-based scheme for detecting Java memory shells: an Agent injected into the JVM exports high-risk classes, and YARA is then used to detect and locate malicious code in Java memory. The method is verified experimentally; the results show that it detects Java memory shells effectively, with high detection accuracy and a low false-positive rate.
With the development of the Internet, malware has gradually become an important factor threatening network security. As a type of memory-resident malware, Java memory-resident malware (the Java memory shell) not only has high concealment and ease of propagation, but can also use advanced features of Java to implement more complex attack behaviors, posing a greater threat to network security. This paper proposes a YARA-based method for detecting Java memory-resident malware: an Agent injected into the JVM exports high-risk classes, and feature strings and regular-expression rules are defined for YARA to detect and locate malicious code in Java memory. The method is verified through experiments. The experimental results show that it can effectively detect Java memory-resident malware with high detection accuracy and a low false-positive rate.
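The pipeline the abstract describes (inject an Agent into the JVM, export high-risk classes, scan the exported bytecode with YARA feature strings and regular expressions), as an added worked example that is not the paper's code: a dynamically attached Java agent that dumps the bytecode of loaded classes it considers high-risk and writes an illustrative YARA rule beside them. The paper's own class-selection criteria and rule set are not on this page, so the definition of "high-risk" used here (classes implementing servlet, Tomcat or Spring hooking types, or classes with no code-source location), the dump directory and every string in the rule are the editor's assumptions.

```java
// MemShellDumpAgent.java -- added example, not the paper's code.
// Load into a running JVM from another process with the Attach API (module jdk.attach):
//   VirtualMachine vm = VirtualMachine.attach(pid);
//   vm.loadAgent("/opt/agent.jar", "/tmp/memshell-dump");   // agent arg = dump directory
// The jar manifest must declare Agent-Class: MemShellDumpAgent and Can-Retransform-Classes: true
import java.lang.instrument.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.ProtectionDomain;
import java.util.*;

public final class MemShellDumpAgent {
    // Hooking points a web memory shell has to implement. Assumption: this list is the
    // editor's illustration of "high-risk", not the paper's definition.
    private static final Set<String> RISKY_SUPERTYPES = new HashSet<>(Arrays.asList(
        "javax.servlet.Filter", "jakarta.servlet.Filter",
        "javax.servlet.Servlet", "jakarta.servlet.Servlet",
        "javax.servlet.ServletRequestListener", "jakarta.servlet.ServletRequestListener",
        "org.apache.catalina.Valve",
        "org.springframework.web.servlet.HandlerInterceptor"));

    public static void agentmain(String args, Instrumentation inst) throws Exception {
        final Path dumpDir = Paths.get(args == null || args.isEmpty() ? "/tmp/memshell-dump" : args);
        Files.createDirectories(dumpDir);

        final Set<Class<?>> targets = new HashSet<>();
        for (Class<?> c : inst.getAllLoadedClasses()) {
            if (isHighRisk(c) && inst.isModifiableClass(c)) targets.add(c);
        }

        // Retransformation hands the transformer the bytecode the JVM currently holds for
        // the class; returning null leaves the class untouched. This is what recovers
        // classes that never existed on disk (defined from a byte[] by the attacker).
        ClassFileTransformer dumper = new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String name, Class<?> cls,
                                    ProtectionDomain pd, byte[] bytes) {
                if (cls != null && targets.contains(cls)) {
                    // The same class name can live in several loaders: key the file on both.
                    String file = (name != null ? name.replace('/', '.') : cls.getName())
                            + "@" + Integer.toHexString(System.identityHashCode(loader)) + ".class";
                    try { Files.write(dumpDir.resolve(file), bytes); } catch (Exception ignored) { }
                }
                return null;
            }
        };
        inst.addTransformer(dumper, true);
        try {
            for (Class<?> c : targets) {
                try { inst.retransformClasses(c); } catch (Throwable ignored) { } // one failure must not abort the dump
            }
        } finally {
            inst.removeTransformer(dumper);
        }
        Files.write(dumpDir.resolve("memshell.yar"), YARA_RULES.getBytes(StandardCharsets.UTF_8));
    }

    // High-risk: implements a hooking type, or has no CodeSource location, i.e. was
    // defined straight from bytes instead of being loaded from a jar or directory.
    static boolean isHighRisk(Class<?> c) {
        if (c.isArray() || c.isPrimitive() || c.getClassLoader() == null) return false; // JDK/bootstrap
        try {
            ProtectionDomain pd = c.getProtectionDomain();
            boolean noSource = pd == null || pd.getCodeSource() == null
                    || pd.getCodeSource().getLocation() == null;
            return noSource || hasRiskySupertype(c);
        } catch (Throwable t) {
            return false; // unresolvable supertypes, SecurityManager, etc.
        }
    }

    private static boolean hasRiskySupertype(Class<?> c) {
        for (Class<?> k = c; k != null; k = k.getSuperclass()) {
            if (RISKY_SUPERTYPES.contains(k.getName())) return true;
            for (Class<?> i : k.getInterfaces()) if (hasRiskySupertype(i)) return true;
        }
        return false;
    }

    // Assumption: an illustrative rule, not the paper's rule set. Strings match constant-pool
    // UTF8 entries, hence the slash form of class names; the condition demands both a web
    // hooking type and a command-execution or class-loading primitive in the same class.
    static final String YARA_RULES = String.join("\n",
        "rule java_memshell_hook_with_exec",
        "{",
        "    strings:",
        "        $host1 = \"javax/servlet/Filter\"",
        "        $host2 = \"javax/servlet/http/HttpServlet\"",
        "        $host3 = \"org/apache/catalina/valves/ValveBase\"",
        "        $host4 = \"org/springframework/web/servlet/HandlerInterceptor\"",
        "        $exec1 = \"java/lang/Runtime\"",
        "        $exec2 = \"java/lang/ProcessBuilder\"",
        "        $load1 = \"defineClass\"",
        "        $load2 = \"java/util/Base64$Decoder\"",
        "    condition:",
        "        uint32be(0) == 0xCAFEBABE and 1 of ($host*) and (1 of ($exec*) or all of ($load*))",
        "}");
}
```

After the agent has run, `yara -r -s /tmp/memshell-dump/memshell.yar /tmp/memshell-dump` on the host prints, for each hit, the rule name, the dumped file (whose name carries the class name and the identity of its loader) and the matching strings with their offsets, which is the "locate" step of the scheme. Two caveats a practitioner should expect: classes with no code-source location also include JDK dynamic proxies and framework-generated classes, so the dump filter is deliberately loose and it is the rule, not the filter, that keeps the false-positive rate down; and retransformation replays only retransform-capable transformers over the class's initial (or last redefined) bytes, so a shell spliced in at load time by a transformer registered with `canRetransform=false` is not visible in the bytes dumped here, while one installed with `redefineClasses` is.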
Authors
刘向伟 (Liu Xiangwei)
张晓娇 (Zhang Xiaojiao)
宋金金 (Song Jinjin)
Liu Xiangwei; Zhang Xiaojiao; Song Jinjin (Jiangsu Golden Shield Detection Technology Co., Ltd., Nanjing 210042)
Source
Wireless Internet Technology (《无线互联科技》)
2023, No. 6, pp. 41-44, 48 (5 pages)