Due to the diversity and unpredictability of changes in malicious code,studying the traceability of variant families remains challenging.In this paper,we propose a GAN-EfficientNetV2-based method for tracing families ...Due to the diversity and unpredictability of changes in malicious code,studying the traceability of variant families remains challenging.In this paper,we propose a GAN-EfficientNetV2-based method for tracing families of malicious code variants.This method leverages the similarity in layouts and textures between images of malicious code variants from the same source and their original family of malicious code images.The method includes a lightweight classifier and a simulator.The classifier utilizes the enhanced EfficientNetV2 to categorize malicious code images and can be easily deployed on mobile,embedded,and other devices.The simulator utilizes an enhanced generative adversarial network to simulate different variants of malicious code and generates datasets to validate the model’s performance.This process helps identify model vulnerabilities and security risks,facilitating model enhancement and development.The classifier achieves 98.61%and 97.59%accuracy on the MMCC dataset and Malevis dataset,respectively.The simulator’s generated image of malicious code variants has an FID value of 155.44 and an IS value of 1.72±0.42.The classifier’s accuracy for tracing the family of malicious code variants is as high as 90.29%,surpassing that of mainstream neural network models.This meets the current demand for high generalization and anti-obfuscation abilities in malicious code classification models due to the rapid evolution of malicious code.展开更多
With the growth of the Internet,more and more business is being done online,for example,online offices,online education and so on.While this makes people’s lives more convenient,it also increases the risk of the netw...With the growth of the Internet,more and more business is being done online,for example,online offices,online education and so on.While this makes people’s lives more convenient,it also increases the risk of the network being attacked by malicious code.Therefore,it is important to identify malicious codes on computer systems efficiently.However,most of the existing malicious code detection methods have two problems:(1)The ability of the model to extract features is weak,resulting in poor model performance.(2)The large scale of model data leads to difficulties deploying on devices with limited resources.Therefore,this paper proposes a lightweight malicious code identification model Lightweight Malicious Code Classification Method Based on Improved SqueezeNet(LCMISNet).In this paper,the MFire lightweight feature extraction module is constructed by proposing a feature slicing module and a multi-size depthwise separable convolution module.The feature slicing module reduces the number of parameters by grouping features.The multi-size depthwise separable convolution module reduces the number of parameters and enhances the feature extraction capability by replacing the standard convolution with depthwise separable convolution with different convolution kernel sizes.In addition,this paper also proposes a feature splicing module to connect the MFire lightweight feature extraction module based on the feature reuse and constructs the lightweight model LCMISNet.The malicious code recognition accuracy of LCMISNet on the BIG 2015 dataset and the Malimg dataset reaches 98.90% and 99.58%,respectively.It proves that LCMISNet has a powerful malicious code recognition performance.In addition,compared with other network models,LCMISNet has better performance,and a lower number of parameters and computations.展开更多
The field of finance heavily relies on cybersecurity to safeguard its systems and clients from harmful software.The identification of malevolent code within financial software is vital for protecting both the financia...The field of finance heavily relies on cybersecurity to safeguard its systems and clients from harmful software.The identification of malevolent code within financial software is vital for protecting both the financial system and individual clients.Nevertheless,present detection models encounter limitations in their ability to identify malevolent code and its variations,all while encompassing a multitude of parameters.To overcome these obsta-cles,we introduce a lean model for classifying families of malevolent code,formulated on Ghost-DenseNet-SE.This model integrates the Ghost module,DenseNet,and the squeeze-and-excitation(SE)channel domain attention mechanism.It substitutes the standard convolutional layer in DenseNet with the Ghost module,thereby diminishing the model’s size and augmenting recognition speed.Additionally,the channel domain attention mechanism assigns distinctive weights to feature channels,facilitating the extraction of pivotal characteristics of malevolent code and bolstering detection precision.Experimental outcomes on the Malimg dataset indicate that the model attained an accuracy of 99.14%in discerning families of malevolent code,surpassing AlexNet(97.8%)and The visual geometry group network(VGGNet)(96.16%).The proposed model exhibits reduced parameters,leading to decreased model complexity alongside enhanced classification accuracy,rendering it a valuable asset for categorizing malevolent code.展开更多
With the convergence of mobile communication network and Internet in depth, mobile Internet is penetrating into every field of people's life. Smart phone bring us great convenience, but it also becomes the breeding g...With the convergence of mobile communication network and Internet in depth, mobile Internet is penetrating into every field of people's life. Smart phone bring us great convenience, but it also becomes the breeding ground for the spread of malicious codes. In this paper, we propose a trust transfer algorithm based on the ant colony optimization algorithm to calculate the trust degree between any two nodes in the social network. Afterwards, a defense model based on social computing is presented for mobile phone malware. The simulation results show that our trust transfer algorithm improves the computation accuracy of indirect trust value by 14.65% compared with the TidalTrust algorithm, and the patch transmission speed of our model is faster than that of others.展开更多
IoT(Internet of Things)devices are being used more and more in a variety of businesses and for a variety of tasks,such as environmental data collection in both civilian and military situations.They are a desirable att...IoT(Internet of Things)devices are being used more and more in a variety of businesses and for a variety of tasks,such as environmental data collection in both civilian and military situations.They are a desirable attack target for malware intended to infect specific IoT devices due to their growing use in a variety of applications and their increasing computational and processing power.In this study,we investigate the possibility of detecting IoT malware using recurrent neural networks(RNNs).RNNis used in the proposed method to investigate the execution operation codes of ARM-based Internet of Things apps(OpCodes).To train our algorithms,we employ a dataset of IoT applications that includes 281 malicious and 270 benign pieces of software.The trained model is then put to the test using 100 brand-new IoT malware samples across three separate LSTM settings.Model exposure was not previously conducted on these samples.Detecting newly crafted malware samples with 2-layer neurons had the highest accuracy(98.18%)in the 10-fold cross validation experiment.A comparison of the LSTMtechnique to other machine learning classifiers shows that it yields the best results.展开更多
We study the detailed malicious code propagating process in scale-free networks with link weights that denotes traffic between two nodes. It is found that the propagating velocity reaches a peak rapidly then decays in...We study the detailed malicious code propagating process in scale-free networks with link weights that denotes traffic between two nodes. It is found that the propagating velocity reaches a peak rapidly then decays in a power-law form, which is different from the well-known result in unweighted network case. Simulation results show that the nodes with larger strength are preferential to be infected, but the hierarchical dynamics are not clearly found. The simulation results also show that larger dispersion of weight of networks leads to slower propagating, which indicates that malicious code propagates more quickly in unweighted scale-free networks than in weighted scale-free networks under the same condition. These results show that not only the topology of networks but also the link weights affect the malicious propagating process.展开更多
With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an atta...With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. The remaining problems and emerging trends in this area are also addressed in the paper.展开更多
The damage caused by malicious software is increasing owing to the COVID-19 pandemic,such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infra...The damage caused by malicious software is increasing owing to the COVID-19 pandemic,such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes.Recently,several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration.However,according to the latest research,there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems.Therefore,experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software.In accordance with this trend,we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email.Furthermore,we confirmed that resilience,backup,and restoration were effective factors in responding to phishing emails.In contrast,practical exercise and attack visualization were recognized as having little effect on malware attacks.In conclusion,our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks.展开更多
The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide heal...The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide healthcare services without physical appearance.With the use of sensors,IoMT applications are used in healthcare management.In such applications,one of the most important factors is data security,given that its transmission over the network may cause obtrusion.For data security in IoMT systems,blockchain is used due to its numerous blocks for secure data storage.In this study,Blockchain-assisted secure data management framework(BSDMF)and Proof of Activity(PoA)protocol using malicious code detection algorithm is used in the proposed data security for the healthcare system.The main aim is to enhance the data security over the networks.The PoA protocol enhances high security of data from the literature review.By replacing the malicious node from the block,the PoA can provide high security for medical data in the blockchain.Comparison with existing systems shows that the proposed simulation with BSD-Malicious code detection algorithm achieves higher accuracy ratio,precision ratio,security,and efficiency and less response time for Blockchain-enabled healthcare systems.展开更多
Malware represents a real threat to information systems, because of the damage it causes. This threat is growing today, as these programs take on more complex forms. This means they escape traditional malware detectio...Malware represents a real threat to information systems, because of the damage it causes. This threat is growing today, as these programs take on more complex forms. This means they escape traditional malware detection methods. Hence the need for artificial intelligence, more specifically Deep Learning, which could detect malware more effectively. In this article, we’ve proposed a model for malware detection using artificial neural networks. Our approach used data from the characteristics of machines, particularly computers, to train our Deep Learning algorithm. This model demonstrated an accuracy of around 83% in predicting the presence of malware on a machine. Thus, the use of artificial neural networks for malware detection has shown his ability to assimilate complex, non-linear patterns from data.展开更多
In order to detect web shells that hackers inject into web servers by exploiting system vulnerabilities or web page open sources, a novel web shell detection system based on the scoring scheme is proposed, named Evil-...In order to detect web shells that hackers inject into web servers by exploiting system vulnerabilities or web page open sources, a novel web shell detection system based on the scoring scheme is proposed, named Evil-hunter. First, a large set of malicious function samples normally used in web shells are collected from various sources on the Internet and security forums. Secondly, according to the danger level and the frequency of using these malicious functions in the web shells as well as in legal web applications, an assigning score strategy for each malicious sample is devised. Then, the appropriate score threshold value for each sample is obtained from the results of a statistical analysis. Finally, based on the threshold value, a simple algorithm is presented to identify files that contain web shells in web applications. The experimental results show that compared with other approaches, Evil-hunter can identify web shells more efficiently and accurately.展开更多
To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a fram...To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.展开更多
This article is focused on analyzing the key technologies of new malicious code and corresponding defensive measures in the large-scale communication networks. Based on description of the concepts and development of t...This article is focused on analyzing the key technologies of new malicious code and corresponding defensive measures in the large-scale communication networks. Based on description of the concepts and development of the malicious code, the article introduces the anti-analysis technology, splitting and inserting technology, hiding technology, polymorph virus technology, and auto production technology of the malicious code trends with intelligence, diversity and integration. Following that, it summarizes the security vulnerabilities of communication networks from four related layers aspects, according to the mechanisms of malicious code in the communication networks. Finally, it proposes rapid response disposition of malicious code attacks from four correlated steps: building up the network node monitoring system, suspicious code feature automation analysis and extraction, rapid active malicious code response technique for unknown malicious code, and malicious code attack immunity technique. As a result, it actively defenses against the unknown malicious code attacks and enhances the security performance of communication networks.展开更多
Malicious applications can be introduced to attack users and services so as to gain financial rewards, individuals' sensitive information, company and government intellectual property, and to gain remote control of s...Malicious applications can be introduced to attack users and services so as to gain financial rewards, individuals' sensitive information, company and government intellectual property, and to gain remote control of systems. However, traditional methods of malicious code detection, such as signature detection, behavior detection, virtual machine detection, and heuristic detection, have various weaknesses which make them unreliable. This paper presents the existing technologies of malicious code detection and a malicious code detection model is proposed based on behavior association. The behavior points of malicious code are first extracted through API monitoring technology and integrated into the behavior; then a relation between behaviors is established according to data dependence. Next, a behavior association model is built up and a discrimination method is put forth using pushdown automation. Finally, the exact malicious code is taken as a sample to carry out an experiment on the behavior's capture, association, and discrimination, thus proving that the theoretical model is viable.展开更多
基金support this work is the Key Research and Development Program of Heilongjiang Province,specifically Grant Number 2023ZX02C10.
文摘Due to the diversity and unpredictability of changes in malicious code,studying the traceability of variant families remains challenging.In this paper,we propose a GAN-EfficientNetV2-based method for tracing families of malicious code variants.This method leverages the similarity in layouts and textures between images of malicious code variants from the same source and their original family of malicious code images.The method includes a lightweight classifier and a simulator.The classifier utilizes the enhanced EfficientNetV2 to categorize malicious code images and can be easily deployed on mobile,embedded,and other devices.The simulator utilizes an enhanced generative adversarial network to simulate different variants of malicious code and generates datasets to validate the model’s performance.This process helps identify model vulnerabilities and security risks,facilitating model enhancement and development.The classifier achieves 98.61%and 97.59%accuracy on the MMCC dataset and Malevis dataset,respectively.The simulator’s generated image of malicious code variants has an FID value of 155.44 and an IS value of 1.72±0.42.The classifier’s accuracy for tracing the family of malicious code variants is as high as 90.29%,surpassing that of mainstream neural network models.This meets the current demand for high generalization and anti-obfuscation abilities in malicious code classification models due to the rapid evolution of malicious code.
文摘With the growth of the Internet,more and more business is being done online,for example,online offices,online education and so on.While this makes people’s lives more convenient,it also increases the risk of the network being attacked by malicious code.Therefore,it is important to identify malicious codes on computer systems efficiently.However,most of the existing malicious code detection methods have two problems:(1)The ability of the model to extract features is weak,resulting in poor model performance.(2)The large scale of model data leads to difficulties deploying on devices with limited resources.Therefore,this paper proposes a lightweight malicious code identification model Lightweight Malicious Code Classification Method Based on Improved SqueezeNet(LCMISNet).In this paper,the MFire lightweight feature extraction module is constructed by proposing a feature slicing module and a multi-size depthwise separable convolution module.The feature slicing module reduces the number of parameters by grouping features.The multi-size depthwise separable convolution module reduces the number of parameters and enhances the feature extraction capability by replacing the standard convolution with depthwise separable convolution with different convolution kernel sizes.In addition,this paper also proposes a feature splicing module to connect the MFire lightweight feature extraction module based on the feature reuse and constructs the lightweight model LCMISNet.The malicious code recognition accuracy of LCMISNet on the BIG 2015 dataset and the Malimg dataset reaches 98.90% and 99.58%,respectively.It proves that LCMISNet has a powerful malicious code recognition performance.In addition,compared with other network models,LCMISNet has better performance,and a lower number of parameters and computations.
基金funded by National Natural Science Foundation of China(under Grant No.61905201)。
文摘The field of finance heavily relies on cybersecurity to safeguard its systems and clients from harmful software.The identification of malevolent code within financial software is vital for protecting both the financial system and individual clients.Nevertheless,present detection models encounter limitations in their ability to identify malevolent code and its variations,all while encompassing a multitude of parameters.To overcome these obsta-cles,we introduce a lean model for classifying families of malevolent code,formulated on Ghost-DenseNet-SE.This model integrates the Ghost module,DenseNet,and the squeeze-and-excitation(SE)channel domain attention mechanism.It substitutes the standard convolutional layer in DenseNet with the Ghost module,thereby diminishing the model’s size and augmenting recognition speed.Additionally,the channel domain attention mechanism assigns distinctive weights to feature channels,facilitating the extraction of pivotal characteristics of malevolent code and bolstering detection precision.Experimental outcomes on the Malimg dataset indicate that the model attained an accuracy of 99.14%in discerning families of malevolent code,surpassing AlexNet(97.8%)and The visual geometry group network(VGGNet)(96.16%).The proposed model exhibits reduced parameters,leading to decreased model complexity alongside enhanced classification accuracy,rendering it a valuable asset for categorizing malevolent code.
基金Supported by the National Natural Science Foundation of China(91438117)the Funding of Shanghai Key Laboratory of Financial Information Technology(2015)
文摘With the convergence of mobile communication network and Internet in depth, mobile Internet is penetrating into every field of people's life. Smart phone bring us great convenience, but it also becomes the breeding ground for the spread of malicious codes. In this paper, we propose a trust transfer algorithm based on the ant colony optimization algorithm to calculate the trust degree between any two nodes in the social network. Afterwards, a defense model based on social computing is presented for mobile phone malware. The simulation results show that our trust transfer algorithm improves the computation accuracy of indirect trust value by 14.65% compared with the TidalTrust algorithm, and the patch transmission speed of our model is faster than that of others.
文摘IoT(Internet of Things)devices are being used more and more in a variety of businesses and for a variety of tasks,such as environmental data collection in both civilian and military situations.They are a desirable attack target for malware intended to infect specific IoT devices due to their growing use in a variety of applications and their increasing computational and processing power.In this study,we investigate the possibility of detecting IoT malware using recurrent neural networks(RNNs).RNNis used in the proposed method to investigate the execution operation codes of ARM-based Internet of Things apps(OpCodes).To train our algorithms,we employ a dataset of IoT applications that includes 281 malicious and 270 benign pieces of software.The trained model is then put to the test using 100 brand-new IoT malware samples across three separate LSTM settings.Model exposure was not previously conducted on these samples.Detecting newly crafted malware samples with 2-layer neurons had the highest accuracy(98.18%)in the 10-fold cross validation experiment.A comparison of the LSTMtechnique to other machine learning classifiers shows that it yields the best results.
基金Supported by the National Natural Science Foundation of China (90204012, 60573036) and the Natural Science Foundation of Hebei Province (F2006000177)
文摘We study the detailed malicious code propagating process in scale-free networks with link weights that denotes traffic between two nodes. It is found that the propagating velocity reaches a peak rapidly then decays in a power-law form, which is different from the well-known result in unweighted network case. Simulation results show that the nodes with larger strength are preferential to be infected, but the hierarchical dynamics are not clearly found. The simulation results also show that larger dispersion of weight of networks leads to slower propagating, which indicates that malicious code propagates more quickly in unweighted scale-free networks than in weighted scale-free networks under the same condition. These results show that not only the topology of networks but also the link weights affect the malicious propagating process.
文摘With the explosive growth of network applications, the threat of the malicious code against network security becomes increasingly serious. In this paper we explore the mechanism of the malicious code by giving an attack model of the malicious code, and discuss the critical techniques of implementation and prevention against the malicious code. The remaining problems and emerging trends in this area are also addressed in the paper.
基金This study was supported by a grant from the Korean Health Technology RD Project,Ministry of Health and Welfare,Republic of Korea(HI19C0866).
文摘The damage caused by malicious software is increasing owing to the COVID-19 pandemic,such as ransomware attacks on information technology and operational technology systems based on corporate networks and social infrastructures and spear-phishing attacks on business or research institutes.Recently,several studies have been conducted to prevent further phishing emails in the workplace because malware attacks employ emails as the primary means of penetration.However,according to the latest research,there appears to be a limitation in blocking email spoofing through advanced blocking systems such as spam email filtering solutions and advanced persistent threat systems.Therefore,experts believe that it is more critical to restore services immediately through resilience than the advanced prevention program in the event of damage caused by malicious software.In accordance with this trend,we conducted a survey among 100 employees engaging in information security regarding the effective factors for countering malware attacks through email.Furthermore,we confirmed that resilience,backup,and restoration were effective factors in responding to phishing emails.In contrast,practical exercise and attack visualization were recognized as having little effect on malware attacks.In conclusion,our study reminds business and supervisory institutions to carefully examine their regular voluntary exercises or mandatory training programs and assists private corporations and public institutions to establish counter-strategies for dealing with malware attacks.
基金Taif University Researchers Supporting Project Number(TURSP-2020/98),Taif University,Taif,Saudi Arabia.
文摘The Internet of Medical Things(IoMT)is an online device that senses and transmits medical data from users to physicians within a time interval.In,recent years,IoMT has rapidly grown in the medicalfield to provide healthcare services without physical appearance.With the use of sensors,IoMT applications are used in healthcare management.In such applications,one of the most important factors is data security,given that its transmission over the network may cause obtrusion.For data security in IoMT systems,blockchain is used due to its numerous blocks for secure data storage.In this study,Blockchain-assisted secure data management framework(BSDMF)and Proof of Activity(PoA)protocol using malicious code detection algorithm is used in the proposed data security for the healthcare system.The main aim is to enhance the data security over the networks.The PoA protocol enhances high security of data from the literature review.By replacing the malicious node from the block,the PoA can provide high security for medical data in the blockchain.Comparison with existing systems shows that the proposed simulation with BSD-Malicious code detection algorithm achieves higher accuracy ratio,precision ratio,security,and efficiency and less response time for Blockchain-enabled healthcare systems.
文摘Malware represents a real threat to information systems, because of the damage it causes. This threat is growing today, as these programs take on more complex forms. This means they escape traditional malware detection methods. Hence the need for artificial intelligence, more specifically Deep Learning, which could detect malware more effectively. In this article, we’ve proposed a model for malware detection using artificial neural networks. Our approach used data from the characteristics of machines, particularly computers, to train our Deep Learning algorithm. This model demonstrated an accuracy of around 83% in predicting the presence of malware on a machine. Thus, the use of artificial neural networks for malware detection has shown his ability to assimilate complex, non-linear patterns from data.
基金The Science and Technology Support Program of Jiangsu Province(No.BE2011173)the Future Network Proactive Program of Jiangsu Province(No.BY2013095-5-03)the Program for Special Talent in Six Fields of Jiangsu Province(No.2011-DZ024)
文摘In order to detect web shells that hackers inject into web servers by exploiting system vulnerabilities or web page open sources, a novel web shell detection system based on the scoring scheme is proposed, named Evil-hunter. First, a large set of malicious function samples normally used in web shells are collected from various sources on the Internet and security forums. Secondly, according to the danger level and the frequency of using these malicious functions in the web shells as well as in legal web applications, an assigning score strategy for each malicious sample is devised. Then, the appropriate score threshold value for each sample is obtained from the results of a statistical analysis. Finally, based on the threshold value, a simple algorithm is presented to identify files that contain web shells in web applications. The experimental results show that compared with other approaches, Evil-hunter can identify web shells more efficiently and accurately.
文摘To devise efficient approaches and tools for detecting malicious packages in the Android ecosystem, researchers are increasingly required to have a deep understanding of malware. There is thus a need to provide a framework for dissecting malware and locating malicious program fragments within app code in order to build a comprehensive dataset of malicious samples. Towards addressing this need, we propose in this work a tool-based approach called HookRanker, which provides ranked lists of potentially malicious packages based on the way malware behaviour code is triggered. With experiments on a ground truth of piggybacked apps, we are able to automatically locate the malicious packages from piggybacked Android apps with an accuracy@5 of 83.6% for such packages that are triggered through method invocations and an accuracy@5 of 82.2% for such packages that are triggered independently.
基金supported by the National Natural Science Foundation of China (60973139,60773041)the Natural Science Foundation of Jiangsu Province (BK2008451)+4 种基金the Hi-Tech Research and Development Program of China (2007AA01Z404,2007AA01Z478)Foundation of National Laboratory for Modern Communications (9140C1105040805)the Postdoctoral Foundation (0801019C,20090451240,20090451241)the Science & Technology Innovation Fund for Higher Education Institutions of Jiangsu Province (CX08B-085Z,CX08B-086Z)the Six Kinds of Top Talent of Jiangsu Province (2008118)
文摘This article is focused on analyzing the key technologies of new malicious code and corresponding defensive measures in the large-scale communication networks. Based on description of the concepts and development of the malicious code, the article introduces the anti-analysis technology, splitting and inserting technology, hiding technology, polymorph virus technology, and auto production technology of the malicious code trends with intelligence, diversity and integration. Following that, it summarizes the security vulnerabilities of communication networks from four related layers aspects, according to the mechanisms of malicious code in the communication networks. Finally, it proposes rapid response disposition of malicious code attacks from four correlated steps: building up the network node monitoring system, suspicious code feature automation analysis and extraction, rapid active malicious code response technique for unknown malicious code, and malicious code attack immunity technique. As a result, it actively defenses against the unknown malicious code attacks and enhances the security performance of communication networks.
基金supported by the National Natural Science Foundation of China (Nos. 61272033 and 61272405)
文摘Malicious applications can be introduced to attack users and services so as to gain financial rewards, individuals' sensitive information, company and government intellectual property, and to gain remote control of systems. However, traditional methods of malicious code detection, such as signature detection, behavior detection, virtual machine detection, and heuristic detection, have various weaknesses which make them unreliable. This paper presents the existing technologies of malicious code detection and a malicious code detection model is proposed based on behavior association. The behavior points of malicious code are first extracted through API monitoring technology and integrated into the behavior; then a relation between behaviors is established according to data dependence. Next, a behavior association model is built up and a discrimination method is put forth using pushdown automation. Finally, the exact malicious code is taken as a sample to carry out an experiment on the behavior's capture, association, and discrimination, thus proving that the theoretical model is viable.