Abstract
This paper proposes a hierarchical method for analyzing malicious code behavior: it first obtains behavior information from the system call sequence generated while the program runs, then analyzes the behavioral intent and assesses its harmfulness. In the behavior detection part, a behavior detection algorithm is designed that identifies program behavior from system call functions and their argument information. In the behavior analysis part, the harms that various malicious behaviors cause to a computer system are summarized, a harm evaluation model for malicious behavior is built on the attack-tree principle, and a method for computing the harmfulness of malicious code is given.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journal (北大核心)
2010, No. 4, pp. 1048-1052 (5 pages)
Keywords
behavior analysis
behavior detection
Application Programming Interface (API) system call
hierarchical method
attack tree