| 基于最小攻击树的UEFI恶意行为检测模型 |
| |
| 引用本文: | 姜政伟,王晓箴,刘宝旭.基于最小攻击树的UEFI恶意行为检测模型[J].计算机工程与应用,2012,48(32):14-17,46. |
| |
| 作者姓名: | 姜政伟 王晓箴 刘宝旭 |
| |
| 作者单位: | 1. 中国科学院研究生院,北京100049;中国科学院高能物理研究所计算中心,北京100049
2. 中国科学院高能物理研究所计算中心,北京,100049 |
| |
| 基金项目: | 国家科技支撑计划课题(No.2012BAH14802);中科院知识创新重点方向项目(No.YYYJ-1013). |
| |
| 摘 要: | 指出了UEFI中源代码、自身扩展模块及来自网络的安全隐患,分析了传统的BIOS与已有的UEFI恶意代码检测方法的不足,定义了结合UEFI平台特点的攻击树与威胁度,构建了动态扩展的威胁模型库与恶意行为特征库相结合的攻击树模型,设计了针对UEFI恶意行为检测的加权最小攻击树算法。实验证明了模型的有效性与可扩展性。
|
| 关 键 词: | 统一可扩展固件接口 恶意代码 攻击树 安全风险 |
UEFI malicious behavior detection model based on minimal attack treel |
| |
| JIANG Zhengwei
,
WANG Xiaozhen
,
LIU Baoxu.UEFI malicious behavior detection model based on minimal attack treel[J].Computer Engineering and Applications,2012,48(32):14-17,46. |
| |
| Authors: | JIANG Zhengwei WANG Xiaozhen LIU Baoxu |
| |
| Affiliation: | 1 .Graduate School, Chinese Academy of Sciences, Beijing 100049, China 2.Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | The potential risk from source code, extension modules of Unified Extensible Firmware Interface (UEFI) and network is pointed out. The shortcomings of existing BIOS and UEFI malicious code detection methods are ana- lyzed, UEFI attack tree and threat level are defined, a UEFI threats model database and malicious behavior character database are built together as an attack tree model with dynamic expansion, weighted minimal attack tree algorithm is designed for UEFI malicious behavior detection. The experimental results show the effectiveness and the expand- ability of this proposed model. |
| |
| Keywords: | Unified Extensible Firmware Interface(UEFI) malicious code attack tree security risk |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
