Computer Science (计算机科学) ›› 2021, Vol. 48 ›› Issue (4): 309-315. doi: 10.11896/jsjkx.201100171
王乐乐1, 汪斌强1, 刘建港2, 苗启广3
WANG Le-le1, WANG Bin-qiang1, LIU Jian-gang2, MIAO Qi-guang3
Abstract: Malicious programs are among the most threatening security problems of the Internet era. The continual emergence of new malware and the accelerating speed at which it spreads make detection increasingly difficult. Most firewalls and anti-virus products identify malicious code by signature, matching particular sequences of bytes. Malware authors, however, use code obfuscation to evade this kind of detection. In response, researchers have proposed dynamic analysis methods for detecting such new malware, but the time efficiency and matching accuracy of these methods remain unsatisfactory. This paper proposes an effective algorithm for constructing and matching malicious behavior graphs, comprising a storage method for two-dimensional association graphs, a behavior graph construction method, a method for constructing behavior association rules, the design of a behavior graph parsing algorithm, and a behavior matching algorithm. Finally, experimental analysis shows that the method achieves high detection accuracy: except for the Auto class, its recognition rate for every other malware category exceeds 90%.
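The abstract only names the components of the method (graph construction, association rules, matching) without describing them. The following Python is an added illustration of how a behavior-graph detector of this general shape works; it is not the paper's algorithm. Everything in it is an assumption: the sandbox trace format (call id, API name, arguments, return value), the rule that a returned handle or buffer aliases the first argument's resource, the decision to draw a dependency edge between two calls whenever an earlier call and a later call operate on the same resolved resource, the two behavior rules, and both traces, which are constructed for this example.

```python
"""Behavior-graph construction and rule matching over a sandbox API-call trace.

Added illustration, not the paper's algorithm. Trace format, alias resolution,
edge semantics and rules are all constructed assumptions for this example.
"""
from itertools import product

# Constructed dropper trace: (call_id, api_name, {arg_name: value}, return_value).
# Handles and buffers are symbolic strings here ("h_file", "buf1"); a real trace
# would carry numeric handle values, which the same alias logic would resolve.
DROPPER_TRACE = [
    (1, "InternetOpenUrl", {"url": "http://example.invalid/payload.bin"}, "h_net"),
    (2, "CreateFile", {"path": "C:\\Temp\\payload.exe"}, "h_file"),
    (3, "InternetReadFile", {"handle": "h_net"}, "buf1"),
    (4, "WriteFile", {"handle": "h_file", "data": "buf1"}, True),
    (5, "CloseHandle", {"handle": "h_file"}, True),
    (6, "CreateProcess", {"path": "C:\\Temp\\payload.exe"}, "h_proc"),
    (7, "RegSetValue", {"key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                        "value": "C:\\Temp\\payload.exe"}, True),
]

# Constructed benign trace: a text editor saving a document.
EDITOR_TRACE = [
    (1, "CreateFile", {"path": "C:\\Users\\u\\notes.txt"}, "h_file"),
    (2, "WriteFile", {"handle": "h_file", "data": "buf_text"}, True),
    (3, "CloseHandle", {"handle": "h_file"}, True),
]

# Constructed behavior association rules: an ordered list of API names. A rule
# matches when each consecutive pair of calls is joined by a dependency edge,
# i.e. the later call operates on a resource the earlier call touched.
RULES = {
    "download_execute": ["InternetReadFile", "WriteFile", "CreateProcess"],
    "drop_and_persist": ["WriteFile", "RegSetValue"],
}


def _resolve(value, alias):
    """Follow handle/buffer aliases back to a concrete resource (path, URL, key)."""
    seen = set()
    while value in alias and value not in seen:
        seen.add(value)
        value = alias[value]
    return value


def build_graph(trace):
    """Return (nodes, edges). nodes: call_id -> API name. edges: (earlier_id,
    later_id) -> set of resources both calls operated on (the association)."""
    alias, touched, nodes = {}, {}, {}
    for cid, api, args, ret in trace:
        resources = {_resolve(v, alias) for v in args.values()}
        # Assumption: a returned handle/buffer stands for the first argument's
        # resource, e.g. CreateFile(path) -> h_file means h_file refers to path.
        if isinstance(ret, str) and args:
            alias[ret] = _resolve(next(iter(args.values())), alias)
        touched[cid], nodes[cid] = resources, api
    edges = {}
    ids = sorted(touched)  # edges only point forward in time
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            shared = touched[a] & touched[b]
            if shared:
                edges[(a, b)] = shared
    return nodes, edges


def match_rule(nodes, edges, rule):
    """Return every ordered tuple of call ids that instantiates the rule."""
    candidates = [[cid for cid, api in nodes.items() if api == name] for name in rule]
    if not all(candidates):  # some API in the rule never occurs in the trace
        return []
    return [combo for combo in product(*candidates)
            if all((combo[k], combo[k + 1]) in edges for k in range(len(combo) - 1))]


def detect(trace, rules=RULES):
    """Map each rule name to its matches, keeping only the rules that fired."""
    nodes, edges = build_graph(trace)
    hits = {name: match_rule(nodes, edges, rule) for name, rule in rules.items()}
    return {name: m for name, m in hits.items() if m}


if __name__ == "__main__":
    print("dropper:", detect(DROPPER_TRACE))  # both rules fire
    print("editor: ", detect(EDITOR_TRACE))   # nothing fires
```

Because edges carry the shared resource and only run forward in time, the graph distinguishes "wrote a file, then executed that same file" from "wrote one file and executed an unrelated one", which is what makes a behavior rule more robust than a flat API-sequence signature against reordering and junk-call insertion.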
[1] 陈源毅, 冯文龙, 黄梦醒, 冯思玲. Collaborative Filtering Recommendation Algorithm of Behavior Route Based on Knowledge Graph (基于知识图谱的行为路径协同过滤推荐算法). Computer Science (计算机科学), 2021, 48(11): 176-183. https://doi.org/10.11896/jsjkx.201000004
[2] 何鑫, 许娟, 金莹莹. Action-related Network: Towards Modeling Complete Changeable Action (行为关联网络:完整的变化行为建模). Computer Science (计算机科学), 2020, 47(9): 123-128. https://doi.org/10.161896/jsjkx.190800101
[3] 张亚红, 张琳琳, 赵楷, 陈佳丽, 冯在文. Web Service Selection Method Based on Runtime Verification (一种基于运行时验证的Web服务选择方法). Computer Science (计算机科学), 2014, 41(1): 246-249.
[4] A UML Behavior Diagram Driven Runtime Verification Tool for Java Programs (UML行为图驱动的Java程序运行时验证工具). Computer Science (计算机科学), 2007, 34(12): 273-277.