Hierarchical method to analyze malware behavior (cited by: 1)

Abstract: This paper proposes a hierarchical method to analyze malware behavior. The method first obtains behavior information from the system call sequence of the program at run time, then analyzes the behavioral intentions and makes a hazard assessment. In the behavior detection part, a behavior detection algorithm is designed that uses system call functions and their arguments to identify program behavior. In the behavior analysis part, the harms that various malicious actions cause to a computer system are summarized, an evaluation model for the harm of malicious actions is built on the attack tree principle, and a method for calculating the harm of malicious code is given.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2010, Issue 4, pp. 1048-1052 (5 pages)
Keywords: behavior analysis; behavior detection; Application Programming Interface (API) system call; hierarchical method; attack tree