计算机应用研究
APPLICATION RESEARCH OF COMPUTERS
2013, Issue 10, pp. 3106-3109, 3113 (5 pages)
Keywords: malware detection; system object; anti-obfuscation; semantics; state changing graph
Abstract: Malware variants pose a serious threat to the security of information systems. To detect variant malware effectively, this paper dynamically monitors and parses system calls and their parameters, associates the different operations performed on the same object with that object, and builds an object state changing graph. The state changing graph is then processed with an anti-obfuscation method to obtain a behaviour signature graph of the malware that has a degree of resistance to interference. Finally, unknown code is detected against this behaviour signature graph. Experimental results show that the method effectively resists obfuscation techniques such as malicious code rearrangement and the insertion of junk system calls, has a low false positive rate on benign programs, and performs well in detecting variant malware.