Sort by: 76 results in total; search took 15 ms
51.
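To address the problem that existing malware detection systems cannot guarantee the efficiency and accuracy of detecting malicious database behavior, this paper designs a method for detecting malicious database behavior based on the active learning principle from machine learning, and implements a prototype system on MySQL. Tests show that the system achieves a high detection rate and low false positive and false negative rates for malicious database behavior.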
52.
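Malicious code often uses stealth techniques to evade detection by antivirus software. However, malicious code that uses encryption and polymorphic techniques can no longer easily evade detection based on signatures and code emulation, whereas metamorphic techniques show strong anti-detection capability. Through an in-depth analysis of metamorphic techniques, this paper describes in detail the metamorphic engine and the code obfuscation techniques it uses, as well as current techniques for detecting metamorphic malicious code, and briefly analyzes the application of metamorphic techniques in the field of software protection.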
53.
54.
Web Spam is one of the main difficulties that crawlers have to overcome and therefore one of the main problems of the WWW. There are several studies about characterising and detecting Web Spam pages. However, none of them deals with all the possible kinds of Web Spam. This paper shows an analysis of different kinds of Web Spam pages and identifies new elements that characterise it, to define heuristics which are able to partially detect them. We also discuss and explain several heuristics from the point of view of their effectiveness and computational efficiency. Taking them into account, we study several sets of heuristics and demonstrate how they improve the current results. Finally, we propose a new Web Spam detection system called SAAD (Spam Analyzer And Detector), which is based on the set of proposed heuristics and their use in a C4.5 classifier improved by means of Bagging and Boosting techniques. We have also tested our system in some well known Web Spam datasets and we have found it to be very effective.
55.
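To address the shortcomings of existing detection methods, a method is proposed for detecting malware by mining the structural information of PE files, and experiments were carried out with the latest PE-format malware. The results show that the method detects known and unknown malware with an accuracy of 99.1%, and that the AUC, an important evaluation metric, is 0.998, very close to the optimal value of 1 and higher than that of existing static detection methods. In addition, compared with other methods, the processing time and system overhead of this detection method are lower, it remains stable and effective against malware that uses packing and obfuscation techniques, and it meets the requirements for real-time deployment. Furthermore, existing data-mining-based detection methods overfit the data during feature selection, whereas this method is more robust in this respect.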
56.
In recent days, malware has become advanced and sophisticatedly engineered to attack the target. Most such advanced malware is highly persistent and capable of escaping security systems. This paper explores one such advanced malware type, Advanced Persistent Threats (APTs). APTs pave the way for most cyber espionage and sabotage. APTs are highly sophisticated and target-specific, and operate in a stealthy mode until the target is compromised. The intention of APTs is to deploy target-specific automated malware in a host or network to initiate an on-demand attack based on continuous monitoring. Encrypted covert communication and advanced, sophisticated attack techniques make the identification of APTs more challenging. Conventional security systems such as antivirus and anti-malware systems, which depend on signatures and static analysis, fail to identify these APTs. The Advanced Evasive Techniques (AET) used in APTs are capable of bypassing with ease the stateful firewalls housed at enterprise choke points. Hence, this paper presents a detailed study of the sophisticated attack and evasion techniques used by contemporary malware. Furthermore, existing malware analysis techniques, application hardening techniques and CPU-assisted application security schemes are also discussed. Finally, the study concludes by presenting the System and Network Security Design (SNSD) using existing mitigation techniques.
57.
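Current SVM-based security detection techniques for Android applications mainly combine the SVM algorithm with dynamic and static analysis methods and apply them to the detection of vulnerabilities and malware in Android applications; malware detection can in turn be divided into the detection of malicious behavior and the detection of malicious code. This paper therefore classifies the work by the detection domain to which the SVM algorithm is applied, and analyzes and discusses research on its application to malicious behavior detection, malicious code detection and vulnerability detection in Android applications. It summarizes some problems that still exist in this field, presents improvements to the SVM algorithm and to its application in Android security detection, and finally gives an outlook on future development.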
58.
59.
With the wide applications of social networks, government and individuals increasingly emphasize information networks security. This paper is devoted to investigating a reaction–diffusion malware propagation model with mixed delays to describe the process of social networks. Applying matrix theory for characteristic values, we establish the local stability conditions of a positive equilibrium point. Based on the linear approximation method of nonlinear systems, the Hopf bifurcation at the positive equilibrium point is considered. Additionally, we identify some sensitive parameters in the process of malware propagation that are significant for control theory. Finally, numerical simulations are performed to illustrate the theoretical results.
60.
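To address the problem that traditional autonomous protection against malware attack behavior fails to identify the data features of malware, resulting in poor autonomous protection capability, a cloud-computing-based method for autonomous protection against malware attack behavior is proposed. Using the Fourier transform method, the oscillation attenuation law is obtained from the filtered network data; from the oscillation attenuation law, the analytical model of the network output during information transmission is obtained, and the higher-order cumulant slice function is obtained. A higher-order cumulant post-search method is used to search the analytical model of the network output and comprehensively identify the data features of malware attack behavior; the FIR filtering method is used to process network data in the cloud computing environment and suppress interference in the network data. The data features of malware attack behavior are represented as vector sequences, the squared prediction error method is chosen to solve the vector sequences, and data exceeding the squared prediction error threshold are treated as features of malware attack behavior for autonomous protection. Simulation results show that the autonomous protection performance against malware attack behavior is strong.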