电信科学 (Telecommunications Science) ›› 2014, Vol. 30 ›› Issue (11): 105-109. doi: 10.3969/j.issn.1000-0801.2014.11.018

• Research and Development •

Research on Trojan Detection Technology Based on Characteristic Behavior Analysis *

邹维福1, 张翼英2, 张素香2, 杨成月3

  1 国网泉州供电公司 (State Grid Quanzhou Electric Power Supply Company), Quanzhou 362000
  2 国家电网公司信息通信分公司 (State Grid Information & Telecommunication Co., Ltd.), Beijing 100761
  3 南瑞集团公司厦门亿力吉奥信息科技有限公司 (NARI Group Corporation Xiamen Great Power Gio Information Technology Co., Ltd.), Xiamen 361009
  • Online: 2014-11-20 Published: 2017-07-15
  • Funding:
    National High-tech R&D Program of China ("863" Program)

Research on Anti-Trojan Malware Mechanism Based on Characteristic Behavior

Weifu Zou1,Yiying Zhang2,Suxiang Zhang2,Chengyue Yang3   

  1 State Grid Quanzhou Electric Power Supply Company, Quanzhou 362000, China
  2 State Grid Information & Telecommunication Co., Ltd., Beijing 100761, China
  3 NARI Group Corporation Xiamen Great Power Gio Information Technology Co., Ltd., Xiamen 361009, China
  • Online: 2014-11-20 Published: 2017-07-15

Abstract (Chinese original, translated):

Based on the behavioral characteristics of Trojans, an active Trojan detection and prevention algorithm built on data-mining similarity techniques is proposed. The completeness and effectiveness of the algorithm are ensured from three aspects: regularization, behavior filtering and self-learning. First, Trojan signatures and characteristic behaviors are regularized into features to build an initial Trojan rule base. Second, a process-behavior capture and analysis procedure is established, and cluster analysis is used to regularize the captured behavior features. Finally, suspicious processes are analyzed by comparing them against the rule base with an active similarity comparison method, which determines whether each process is malicious. Analysis and experiments show that the algorithm has self-learning and active-defense properties and balances the advantages and disadvantages of static and dynamic detection techniques well.

Keywords: Trojan, behavior detection, regularization, security

Abstract:

Trojans infiltrate systems and launch various attacks, such as eavesdropping on secret information and tampering with system configuration, which seriously threaten system security. A novel anti-Trojan malware mechanism based on characteristic behavior and cosine similarity is proposed. First, according to the initial rule base and the application's behavior, the mechanism regularizes the application's operations; it then invokes rules to judge suspicious behaviors based on the current rule base and the operational impact. Once an application is judged to be Trojan malware, the system dispatches the appropriate algorithm for processing. The mechanism is triggered by sensitive behaviors and provides active prevention and self-learning functions. Analysis and experiments show that the solution can detect Trojan malware effectively.

Key words: Trojan malware, behavior detection, regularization, security
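The abstract describes matching a process's regularized behavior profile against a rule base with cosine similarity, and growing the rule base by self-learning. The following is an added illustration of that mechanism, not the paper's own code: the feature vocabulary, the two sample rule profiles and the 0.8 threshold are constructed assumptions, and the clustering step used to derive rules is not modelled.

```python
"""Behavior-similarity Trojan matcher, an added illustration of the mechanism
described in the abstract (not the paper's own code or data)."""
from collections import Counter
from math import sqrt

# Regularized behavior vocabulary: the feature names below are constructed for
# this example; the paper's actual rule features are not given on the page.
FEATURES = ["write_autorun", "install_hook", "inject_process", "outbound_connect",
            "read_credential_store", "hide_window", "read_file", "write_file", "gui_paint"]

def regularize(events):
    """Map a process's raw event trace onto a unit-length feature vector.
    An empty or all-unknown trace yields the zero vector (no match possible)."""
    counts = Counter(e for e in events if e in FEATURES)
    vec = [counts[f] for f in FEATURES]
    norm = sqrt(sum(v * v for v in vec))
    return [v / norm for v in vec] if norm else vec

def cosine(a, b):
    """Cosine similarity; both inputs are already unit length (or zero)."""
    return sum(x * y for x, y in zip(a, b))

# Initial rule base: regularized behavior profiles of known Trojan families
# (constructed sample profiles, not real signatures).
RULE_BASE = {
    "rule_keylogger": regularize(["install_hook"] * 3
                                 + ["write_autorun", "outbound_connect", "hide_window"]),
    "rule_backdoor": regularize(["inject_process", "outbound_connect"] * 2
                                + ["write_autorun"]),
}

def classify(events, rule_base, threshold=0.8, learn=True):
    """Compare a process's regularized behavior against every rule and return
    (verdict, best_rule, score).  Self-learning: a process judged to be a
    Trojan is added to the rule base as a new rule, so close variants later
    match it directly instead of only the original family profile."""
    vec = regularize(events)
    best_rule, score = max(((r, cosine(vec, rv)) for r, rv in rule_base.items()),
                           key=lambda pair: pair[1])
    if score >= threshold:
        if learn:
            rule_base["learned_%d" % len(rule_base)] = vec
        return "trojan", best_rule, score
    return "benign", best_rule, score
```

Pass a copy of RULE_BASE to classify() so that learned rules accumulate per analysis session; a variant that scores below the threshold against the family profiles can still match a rule learned from an earlier detection.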
