| 一种层次化的恶意代码行为分析方法 |
| |
| 引用本文: | 黄茜,武东英,孙晓妍.一种层次化的恶意代码行为分析方法[J].计算机应用,2010,30(4):1048-1052. |
| |
| 作者姓名: | 黄茜 武东英 孙晓妍 |
| |
| 作者单位: | 1. 解放军信息工程大学信息工程学院2. 解放军信息工程大学信息工程学院七系 |
| |
| 摘 要: | 提出一种层次化的恶意代码行为分析方法,首先根据程序运行时的系统调用序列获取行为信息,然后分析其行为意图并作危害性评估。在行为检测部分,设计了行为检测算法,利用系统调用函数及其参数信息识别程序行为。在行为分析部分,总结了各种恶意行为对计算机系统造成的危害,利用攻击树原理建立恶意行为危害评估模型,并给出恶意代码危害性计算方法。
|
| 关 键 词: | 行为分析 行为检测 应用程序接口调用序列 层次化方法 攻击树 |
| 收稿时间: | 2009-10-15 |
| 修稿时间: | 2009-12-01 |
Hierarchical method to analyze malware behavior |
| |
| HUANG Qian,WU Dong-ying,SUN Xiao-yan.Hierarchical method to analyze malware behavior[J].journal of Computer Applications,2010,30(4):1048-1052. |
| |
| Authors: | HUANG Qian WU Dong-ying SUN Xiao-yan |
| |
| Affiliation: | Institute of Information Engineering/a>;Information Engineering University/a>;Zhengzhou Henan 450002/a>;China |
| |
| Abstract: | This paper proposed a hierarchical method to analyze malware behavior,which firstly obtained behavior information according to the system call sequence in the run-time of the program,then analyzed their behavioral intentions and made hazard assessments.On the part of behavior detection,a behavior detection algorithm was designed,which utilized system calls and their arguments to identify the program behavior.On the part of behavior analysis,an evaluation model about the harms of malicious actions was establ... |
| |
| Keywords: | behavior analysis behavior detection Application Programming Interface (API) system call hierarchical method attack tree |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
