2011年全国信息网络安全状况与计算机及移动终端病毒疫情调查分析报告

为掌握我国信息网络安全和计算机移动终端病毒疫情现状及发展变化趋势,宣传、普及信息网络安全知识,2011年12月6日至2012年1月6日,在公安部网络安全保卫局指导下,国家计算机病毒应急处理中心以及新浪网站承办了信息网络安全和计算机移动终端病毒疫情调查活动,国内主要计算机病毒防治厂商为本次调查工作提供技术支持。调查结果显示,2011年,68.83%的被调查单位发生过信息网络安全事件,与2010年相比下降了5个百分点。感染计算机病     

2010年全国信息网络安全状况与计算机及移动终端病毒疫情调查分析报告

为掌握中国信息网络安全和计算机移动终端病毒疫情现状和发展变化趋势,宣传、普及信息网络安全知识,2010年11月20日至12月20日,国家计算机病毒应急处理中心举办了信息网络安全和计算机移动终端病毒疫情调查活动。此次活动在公安部网络安全保卫局指导下,各省区市公安厅、局网络安全保卫部门、国家计算机病毒应急处理中心、国家反计算机入侵和防病毒研究中心以及新浪网站承办,国内主要计算机病毒防治厂商提供技术支持。国内近3万家重点互联网接入服务单位、互联网数据中心、大型互联网站、重点联网单位以及计算机、移动终端用户参加了调查。调查结果显示,2010年,72.16%的被调查单位发生过信息网络安全事件,与2009年相比有大幅上升。感染计算机病毒的比例为60%,与2009年相比有所下降,并且已经连续三年呈现下降趋势。调查表明,中国广大联网单位和计算机用户的网络安全防范意识明显增强,联网单位网络安全管理水平有所提高,通过网络安全监测技术主动发现安全事件的能力逐步增强,内部管理更加规范。中国网络安全态势也继续延续2009年的发展趋势,网上制作、贩卖病毒、木马的活动猖獗,利用病毒、木马技术和网络欺诈的网上侵财活动呈上升趋势。随着移动互联网的发展,移动安全问题日益显现,针对手机的病毒、木马和吸费软件等恶意软件发展迅速。2010年11月10日至12月17日,公安机关对全国各省部分政府网站开展了网站远程安全检测,检测对象为全国31个省、市、区的政府对外服务网站,共计7383个。检测内容涵盖目前黑客攻击最常利用的网站安全漏洞和网页挂马情况。调查显示,34.13%的政府网站存在网页安全漏洞,亟需采取措施消除安全隐患,加强安全保护。     

2011年全国信息网络安全状况——暨计算机及移动终端病毒疫情调查分析报告

报告摘要为掌握我国信息网络安全和计算机移动终端病毒疫情现状和发展变化的趋势,宣传、普及信息网络安全知识,2011年12月6日至2012年1月6日,我们举办了信息网络安全和计算机移动终端病毒疫情调查活动。此次活动在公安部网络安全保卫局的指导下,由国家计算机病毒应急处理中心以及新浪网站承办,国内主要计算机病毒防治厂商提供技术支持。     

“第十四次全国信息网络安全状况暨计算机和移动终端病毒疫情调查活动启动会”在津举办

2月2日,"第十四次全国信息网络安全状况暨计算机和移动终端病毒疫情调查活动启动会"在天津召开。为了解掌握我国信息网络安全情况以及计算机和移动终端病毒疫情状况,为国家制定网络安全及计算机病毒防治策略提供准确参考,宣传、普及信息网络安全知识,提高广大用户网络安全防范意识,公安部已经连续13年组织全国性的计算机病毒年度疫情调查活动,并一直由设在天津市公安局的国家计算机病毒应急处理中心承办。     

瑞星解析企业安全三大挑战

近日,“2010年瑞星安全技术论坛”在北京隆重召开。瑞星安全专家通过对网络威胁的整体分析。提出企业安全面临三大安全挑战：利用平板电脑、智能手机等终端移动办公带来的安全风险：多平台和复杂应用带来的数据泄漏风险;公司内网遭到病毒入侵的风险,并提出了相应的解决方案。     

第十五届AVAR国际反病毒安全会议暨2011年全国信息网络安全状况与计算机及移动终端病毒疫情调查结果发布

2012年11月,"第十五届AVAR国际反病毒安全会议"在杭州举行,在本次会议上正式发布2011年全国信息网络安全状况与计算机及移动终端病毒疫情调查(以下简称本次调查)结果。本次调查在公安部网络安全保卫局的指导下有序展开,由国家计算机病毒应急处理中心承担主要工作,历时近1年时间,对我国网络安全现状分析起到了基础性作用。为了增加调查数据的准确性,2011年的调查数据在综合防病毒厂家数据的基础上,累     

手机病毒的发展趋势与防范对策

以智能手机为代表的新一代移动终端从功能上早已超越了传统手机的简单话音通信功能，各种结合声音、图像、数据的新技术层出不穷，成为一个融合通讯、个人业务处理、娱乐的强大个人终端。随着个人业务更多的在移动终端上进行，个人数据更多存储于个人手机终端，移动终端的安全性问题将面临严峻挑战，如手机病毒破坏手机系统，或者拨打国际长途导致用户经济上的重大损失，泄漏窃取手机上的私密信息等。自从2004年6月世界上第一个针对Symbian操作系统的病毒Cabir的出现后，预示着未来移动终端所面临的严峻的安全形势。现在每个星期都有至少一种新的手机病毒产生，而且呈加速增长的趋势。截止2006年4月，全球共出现了将近200种手机病毒。因此，一套有效的移动终端安全解决方案就成了当前智能手机用户的迫切需求。     

计算机终端安全管理策略及应用的方式刍议

计算机终端通常以移动存储介质Web浏览器以及电子邮件等方式,与外界实现数据信息互换,因此很容易受到木马、病毒以及黑客和垃圾邮件的攻击、威胁,而且遭到木马、病毒袭击的计算机终端将成为网络黑客DDOS攻击的主要工具,对计算机网络用户产生了严重的威胁。本文将对计算机终端安全影响因素进行分析,并在此基础上就安全管理策略、应用方式等,谈一下自己的观点和认识,以供参考。     

计算机终端安全管理策略及应用的方式刍议

计算机终端通常以移动存储介质Web浏览器以及电子邮件等方式,与外界实现数据信息互换,因此很容易受到木马、病毒以及黑客和垃圾邮件的攻击、威胁,而且遭到木马、病毒袭击的计算机终端将成为网络黑客DDOS攻击的主要工具,对计算机网络用户产生了严重的威胁。本文将对计算机终端安全影响因素进行分析,并在此基础上就安全管理策略、应用方式等,谈一下自己的观点和认识,以供参考。     

移动传媒终端的科技传播分析

移动传媒终端是在新媒体出现之后而逐渐衍生出来的一种全新的传播媒体。移动传媒终端的出现给我们的生活带来了很大的便利性,更好的实现了人们自我定制的意念。移动传媒终端融合了现代多种科学技术,实现多元化的传播可能性,在很大程度上直接促进了传播媒介的革命。本文首先对移动传媒终端的发展现状进行了分析,并对移动传媒终端发展的意义进行了论述,提出了移动传媒终端科技传播过程中的总的特点和存在的问题,最终就移动传媒终端如何走科技传播的道路进行了详细的分析,希望通过本次研究对更好的开展移动传媒终端的研究和发展有一定的促进作用。     

EPMDroid: Efficient and privacy-preserving malware detection based on SGX through data fusion

Android has stood at a predominant position in mobile operating systems for many years. However, its popularity and openness make it a desirable target of malicious attackers. There is an increasing need for mobile malware detection. Existing analysis methods fall into two categories, i.e., static analysis and dynamic analysis. The dynamic analysis is more effective and timely than the static one, but it incurs a high computational overhead, thus cannot be deployed in resource-constrained mobile devices. Existing studies solve this issue by outsourcing malware detection to the cloud. However, the privacy of mobile app runtime data uploaded to the cloud is not well preserved during both detection model training and malware detection. Numerous efforts have been made to preserve privacy with cryptography, which suffers from high computational overhead and low flexibility. To address these issues, in this paper, we propose an Intel SGX-empowered mobile malware detection scheme called EPMDroid. We also design a probabilistic data structure based on cuckoo filters, named CuckooTable, to effectively fuse features for detection and achieve high space efficiency. We conduct both theoretical analysis and real-world data based tests on EPMDroid performance. Experimental results show that EPMDroid can speed up malware detection by up to 43.8 times and save memory space by up to 3.7 times with the same accuracy, as compared to a baseline method.     

一种基于混合特征的移动终端恶意软件检测方法

随着移动终端恶意软件的种类和数量不断增大,本文针对Android系统恶意软件单特征检测不全面、误报率高等技术问题,提出一种基于动静混合特征的移动终端恶意软件检测方法,以提高检测的覆盖率、准确率和效率.该方法首先采用基于改进的CHI方法和凝聚层次聚类算法优化的K-Means方法构建高危权限和敏感API库,然后分别从静态分...     

Using ontologies to perform threat analysis and develop defensive strategies for mobile security

Existing studies on the detection of mobile malware have focused mainly on static analyses performed to examine the code-structure signature of viruses, rather than the dynamic behavioral aspects. By contrast, the unidentified behavior of new mobile viruses using the self-modification, polymorphic, and mutation techniques for variants have largely been ignored. The problem of precision regarding malware variant detection has become one of the key concerns in mobile security. Accordingly, the present study proposed a threat risk analysis model for mobile viruses, using a heuristic approach incorporating both malware behavior analysis and code analysis to generate a virus behavior ontology associated with the Protégé platform. The proposed model can not only explicitly identify an attack profile in accordance with structural signature of mobile viruses, but also overcome the uncertainty regarding the probability of an attack being successful. This model is able to achieve this by extending frequent episode rules to investigate the attack profile of a given malware, using specific event sequences associated with the sandbox technique for mobile applications (apps) and hosts. For probabilistic analysis, defense evaluation metrics for each node were used to simulate the results of an attack. The simulations focused specifically on the attack profile of a botnet to assess the threat risk. The validity of the proposed approach was demonstrated numerically by using two malware cyber-attack examples. Overall, the results presented in this paper prove that the proposed scheme offers an effective countermeasure, evaluated using a set of security metrics, for mitigating network threats by considering the interaction between the attack profiles and defense needs.     

Attention-based convolutional neural network deep learning approach for robust malware classification

Recently, transforming windows files into images and its analysis using machine learning and deep learning have been considered as a state-of-the art works for malware detection and classification. This is mainly due to the fact that image-based malware detection and classification is platform independent, and the recent surge of success of deep learning model performance in image classification. Literature survey shows that convolutional neural network (CNN) deep learning methods are successfully employed for image-based windows malware classification. However, the malwares were embedded in a tiny portion in the overall image representation. Identifying and locating these affected tiny portions is important to achieve a good malware classification accuracy. In this work, a multi-headed attention based approach is integrated to a CNN to locate and identify the tiny infected regions in the overall image. A detailed investigation and analysis of the proposed method was done on a malware image dataset. The performance of the proposed multi-headed attention-based CNN approach was compared with various non-attention-CNN-based approaches on various data splits of training and testing malware image benchmark dataset. In all the data-splits, the attention-based CNN method outperformed non-attention-based CNN methods while ensuring computational efficiency. Most importantly, most of the methods show consistent performance on all the data splits of training and testing and that illuminates multi-headed attention with CNN model's generalizability to perform on the diverse datasets. With less number of trainable parameters, the proposed method has achieved an accuracy of 99% to classify the 25 malware families and performed better than the existing non-attention based methods. The proposed method can be applied on any operating system and it has the capability to detect packed malware, metamorphic malware, obfuscated malware, malware family variants, and polymorphic malware. In addition, the proposed method is malware file agnostic and avoids usual methods such as disassembly, de-compiling, de-obfuscation, or execution of the malware binary in a virtual environment in detecting malware and classifying malware into their malware family.     

结合局部优化匹配的Android恶意家族检测算法

近年来,飞速增长的Android恶意代码给移动安全研究带来了沉重的负担。为海量的恶意样本进行准确的家族分类对移动恶意代码的识别与演变过程研究具有极为重要的作用。基于此目的提出了一种新的基于局部结构优化分析的恶意软件家族识别与分类方法。从应用程序的反编译文件中提取函数调用图,采用基于节点相似度的迭代匹配算法来构建恶意家族特征,通过对待检测应用程序函数调用图与恶意家族特征的匹配来进行应用程序的恶意性检测与家族识别。实验结果表明,该方法较三项已有研究和Androguard工具具有更好的性能。     

Reaction-diffusion modeling of malware propagation in mobile wireless sensor networks

Mobile Wireless Sensor Networks (MWSNs) are employed in many fields, such as intelligent transportation, community health monitoring, and animal behavior monitoring. However, MWSNs may be vulnerable to malicious interference because of the large-scale characteristics. One of the threats is to inject malware into some nodes, especially mobile nodes. When a contaminated node communicates with its neighbors, multiple copies of the malware are transmitted to its neighbors, which may destroy nodes, block regular communications, or even damage the integrity of regular data packets. This work develops a modeling framework which mathematically characterizes the process of malware propagation in MWSNs based on the theory of reaction-diffusion equation. Our proposed model can efficiently predict the temporal dynamic behavior and spatial distribution of malware propagation over time, so that targeted immunization measures can be taken on infected nodes, whereas most of the existing models for malware propagation can only predict the temporal dynamic behavior rather than the spatial distribution of malware propagation over time. We conduct extensive simulations on large-scale MWSNs to evaluate the proposed model. The simulation results indicate that the proposed model and method are efficient, and that the mobile speed, communication range, and packet transmission rate of nodes are the main factors affecting malware propagation in MWSNs.     

“Andromaly”: a behavioral malware detection framework for android devices

This article presents Andromaly—a framework for detecting malware on Android mobile devices. The proposed framework realizes a Host-based Malware Detection System that continuously monitors various features and events obtained from the mobile device and then applies Machine Learning anomaly detectors to classify the collected data as normal (benign) or abnormal (malicious). Since no malicious applications are yet available for Android, we developed four malicious applications, and evaluated Andromaly’s ability to detect new malware based on samples of known malware. We evaluated several combinations of anomaly detection algorithms, feature selection method and the number of top features in order to find the combination that yields the best performance in detecting new malware on Android. Empirical results suggest that the proposed framework is effective in detecting malware on mobile devices in general and on Android in particular.     

手机恶意软件潜在威胁研究

探讨了手机恶意软件快速增长的几个关键因素。用几个实例说明了手机恶意软件的创建实际上并不如想象的困难，而且它有多种可利用的传播途径，意味着智能手机将面临与桌面计算机相同的恶意软件攻击的风险。最后归纳了防范手机恶意软件的有效措施。     

一种基于模糊哈希的Android变种恶意软件检测方法

Android移动平台中恶意软件变种数量与日俱增,为了能够高效快速地检测出变种样本,提出一种能够根据Apk中字符串以及函数长度分布特征,来生成模糊哈希值的方法,使得同类变种的恶意软件间的哈希值相似。在对变种恶意软件进行检测时,首先利用k-means方法对已知病毒库所产生的模糊哈希值进行聚类,从而简化病毒库。再利用哈密顿距离来计算其与病毒库中各模糊哈希间哈密顿距离。当距离小于阈值,则表示检测到变种。实验结果表明,提出的方法具有检测速度快,抗干扰能力强等特点。