Computer Science (计算机科学) ›› 2015, Vol. 42 ›› Issue (8): 175-179.

• Information Security •

Research on Rootkit Detection Method Based on Neural Network Expert System in Virtualized Environment

ZHAO Zhi-yuan, ZHU Zhi-qiang, SUN Lei and MA Ke-xin

  1. Third Institute (三院), PLA Information Engineering University, Zhengzhou 450000
  • Online: 2018-11-14  Published: 2018-11-14
  • Funding:
    Supported by the National 863 Program (2008AA01Z404) and the National Defense Pre-research Foundation (910A26010306JB5201)

Abstract: Rootkit detection in the guest operating systems of existing virtualized environments suffers from a high misjudgment ratio and cannot detect unknown Rootkits. To address these problems, a Rootkit detection method based on a neural network expert system (QPSO_BP_ES) is proposed. The method combines a neural network with an expert system so that the detection system draws on the strengths of each. During detection, the system first captures the previously selected typical Rootkit behaviours, then uses the trained neural network expert system to decide whether a Rootkit is present in the guest operating system. Experiments show that the QPSO_BP_ES detection model reduces the misjudgment ratio and effectively detects both known and unknown Rootkits.

Key words: Virtualization, QPSO, Neural network, Expert system, Rootkit
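The abstract describes the QPSO_BP_ES pipeline only at a high level: captured behaviour indicators are fed to a BP-style network whose weights are tuned by quantum-behaved particle swarm optimisation, and an expert-system layer produces the final verdict. The following toy implementation is an added illustration written for this page; it is not the authors' code, and the feature set, network size, QPSO constants, the hard rule in the expert layer and the sample data are all assumptions made for the example (the paper does not publish them).

```python
"""Toy QPSO-trained BP-style classifier for rootkit behaviour vectors.

Added illustration, not the paper's code. The feature set, network size,
QPSO constants, expert rule and training samples are assumptions made for
this example; the paper does not publish these details.
"""
import math
import random

# Assumed behaviour indicators captured from a guest OS from the VMM side.
FEATURES = [
    "ssdt_entries_modified",      # fraction of syscall-table entries pointing outside the kernel image
    "hidden_process_mismatch",    # scaled count of processes seen by the VMM but missing from the guest list
    "idt_handler_redirected",     # 1.0 if an interrupt handler was redirected
    "kernel_code_hash_mismatch",  # 1.0 if the guest kernel text hash differs from the known-good value
]

# Constructed training data: (behaviour vector, label), label 1 = rootkit present.
SAMPLES = [
    ([0.0, 0.0, 0.0, 0.0], 0),
    ([0.05, 0.0, 0.0, 0.0], 0),
    ([0.0, 0.0, 0.0, 0.1], 0),
    ([0.1, 0.0, 0.0, 0.0], 0),
    ([0.9, 0.8, 1.0, 1.0], 1),
    ([0.6, 0.5, 0.0, 1.0], 1),
    ([0.0, 0.9, 1.0, 0.0], 1),
    ([0.7, 0.0, 1.0, 1.0], 1),
]

N_IN, N_HID = len(FEATURES), 3
N_WEIGHTS = N_IN * N_HID + N_HID + N_HID + 1  # W1, b1, W2, b2 flattened into one particle


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, x))))


def forward(weights, x):
    """Single-hidden-layer network; returns the score P(rootkit) in [0, 1]."""
    w1 = weights[:N_IN * N_HID]
    b1 = weights[N_IN * N_HID:N_IN * N_HID + N_HID]
    w2 = weights[N_IN * N_HID + N_HID:N_IN * N_HID + 2 * N_HID]
    b2 = weights[-1]
    hidden = [sigmoid(sum(w1[h * N_IN + i] * x[i] for i in range(N_IN)) + b1[h])
              for h in range(N_HID)]
    return sigmoid(sum(w2[h] * hidden[h] for h in range(N_HID)) + b2)


def mse(weights, samples):
    return sum((forward(weights, x) - y) ** 2 for x, y in samples) / len(samples)


def qpso_train(samples, n_particles=30, iters=150, seed=7):
    """Quantum-behaved PSO over the weight vector, fitness = MSE.
    Returns (best_weights, history of global-best fitness per iteration)."""
    rng = random.Random(seed)
    xs = [[rng.uniform(-1, 1) for _ in range(N_WEIGHTS)] for _ in range(n_particles)]
    pbest = [x[:] for x in xs]
    pfit = [mse(x, samples) for x in xs]
    gi = min(range(n_particles), key=lambda i: pfit[i])
    gbest, gfit = pbest[gi][:], pfit[gi]
    history = [gfit]
    for t in range(iters):
        beta = 1.0 - 0.5 * t / iters  # contraction-expansion coefficient, decays 1.0 -> 0.5
        mbest = [sum(p[d] for p in pbest) / n_particles for d in range(N_WEIGHTS)]
        for i in range(n_particles):
            for d in range(N_WEIGHTS):
                phi = rng.random()
                attractor = phi * pbest[i][d] + (1.0 - phi) * gbest[d]
                u = rng.random() or 1e-12
                step = beta * abs(mbest[d] - xs[i][d]) * math.log(1.0 / u)
                xs[i][d] = attractor + step if rng.random() < 0.5 else attractor - step
            f = mse(xs[i], samples)
            if f < pfit[i]:
                pbest[i], pfit[i] = xs[i][:], f
                if f < gfit:
                    gbest, gfit = xs[i][:], f
        history.append(gfit)
    return gbest, history


def expert_decision(weights, x, nn_threshold=0.5):
    """Expert-system layer (assumed design): a hard rule fires first, the
    network score decides otherwise. Returns (rootkit_detected, reason)."""
    if x[FEATURES.index("hidden_process_mismatch")] > 0.0:
        return True, "rule: process hidden from guest but visible to VMM"
    score = forward(weights, x)
    return score >= nn_threshold, f"nn: score={score:.3f}"


def accuracy(weights, samples):
    return sum(int(expert_decision(weights, x)[0] == bool(y)) for x, y in samples) / len(samples)


if __name__ == "__main__":
    w, hist = qpso_train(SAMPLES)
    print(f"MSE {hist[0]:.4f} -> {hist[-1]:.4f}, accuracy {accuracy(w, SAMPLES):.2f}")
    print(expert_decision(w, [0.0, 0.0, 0.0, 0.0]))
```

The design choice worth noting is the split in `expert_decision`: a behaviour that is unambiguous from the VMM's vantage point (a process present in the hypervisor's view but absent from the guest's own list) is handled by a rule and never reaches the network, while the network only scores the cases the rules do not cover. In the paper's terms this is what keeps the misjudgment ratio down while still allowing novel behaviour combinations to be flagged.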

