Abstract: Behavior-based discrimination has become the mainstream direction in malware detection research, but existing methods are vulnerable to mimicry attacks and shadow attacks. To address these problems, this paper proposes a new method that describes malware behavior using predicate temporal logic. The method can simultaneously characterize the logical combination, temporal order, parameter dependencies and subject-object associations among a group of function calls, and can therefore describe malware behavior more accurately and in finer detail. On this basis, a corresponding malicious-behavior detection algorithm is proposed, and its effectiveness is verified through tests on examples.
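As an added illustration, not the paper's own formalism or algorithm, the following Python matcher checks a behaviour specification that combines the four kinds of relation the abstract names: a logical disjunction of function names per step, temporal order between steps, parameter dependencies carried through bindings, and a subject (process) association. The specification, the event format and all trace values are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

# One monitored call: function name, subject (process id) and named arguments, flattened.
Event = Dict[str, object]

@dataclass
class Step:
    funcs: Set[str]                                   # logical disjunction: any of these names matches
    pred: Callable[[Event, Dict[str, object]], bool]  # parameter / subject constraint over earlier bindings
    binds: Dict[str, str] = field(default_factory=dict)  # binding name -> event key to capture

def match(trace: List[Event], steps: List[Step]) -> Optional[Dict[str, object]]:
    """'Eventually step 0, then eventually step 1, ...' over the trace (temporal order).
    Each step's predicate is evaluated against values bound by earlier steps
    (parameter dependency). Returns the final bindings on a match, None otherwise."""
    env: Dict[str, object] = {}
    if not steps:
        return env
    i = 0
    for e in trace:
        st = steps[i]
        if e["func"] in st.funcs and st.pred(e, env):
            env.update({name: e[key] for name, key in st.binds.items()})
            i += 1
            if i == len(steps):
                return env
    return None

# Hypothetical specification: a process opens a file, reads through the SAME handle,
# and sends the SAME buffer over the network, all from the SAME subject (process).
SPEC = [
    Step({"CreateFile"}, lambda e, env: True, {"subj": "subj", "h": "ret"}),
    Step({"ReadFile"}, lambda e, env: e["subj"] == env["subj"] and e["h"] == env["h"], {"buf": "buf"}),
    Step({"send", "WSASend"}, lambda e, env: e["subj"] == env["subj"] and e["buf"] == env["buf"]),
]

def ev(func: str, subj: int, **kw: object) -> Event:
    d: Event = {"func": func, "subj": subj}
    d.update(kw)
    return d

# Constructed traces. Unrelated calls interleaved by a mimicry attack are simply skipped.
MALICIOUS = [ev("CreateFile", 100, path="C:\\secrets.txt", ret=0x1c),
             ev("Sleep", 100, ms=10),
             ev("ReadFile", 100, h=0x1c, buf=0xdead),
             ev("send", 100, buf=0xdead)]
# Same calls, but the send is issued by a different process: the subject association rejects it.
SHADOWED = MALICIOUS[:3] + [ev("send", 200, buf=0xdead)]
# Same calls in the wrong temporal order: no match.
REORDERED = [MALICIOUS[0], MALICIOUS[3], MALICIOUS[2]]
```

In this toy form a single binding environment is threaded through the steps; a full matcher would backtrack over alternative candidate events for each step.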