| 基于敏感Native API的恶意软件检测方法 |
| |
| 引用本文: | 白金荣,王俊峰,赵宗渠,刘达富.基于敏感Native API的恶意软件检测方法[J].计算机工程,2012,38(13):9-12. |
| |
| 作者姓名: | 白金荣 王俊峰 赵宗渠 刘达富 |
| |
| 作者单位: | 1. 玉溪师范学院信息技术工程学院,云南玉溪653100;四川大学计算机学院,成都610065
2. 四川大学计算机学院,成都,610065 |
| |
| 基金项目: | 国家“863”计划基金资助项目,四川省青年科技基金资助项目 |
| |
| 摘 要: | 分析恶意软件传播与破坏的行为特征,包括进程、特权、内存操作、注册表、文件和网络等行为。这些行为通过调用相应的API函数来实现,为此,提出一种基于敏感Native API调用频率的恶意软件检测方法,采用Xen进行二次开发,设计对恶意软件透明的分析监测环境。实验结果表明,使用敏感Native API调用频率能够有效地检测多种未知恶意软件。
|
| 关 键 词: | 恶意软件 API调用频率 数据挖掘 动态检测 硬件虚拟 |
| 收稿时间: | 2011-07-22 |
Malware Detection Method Based on Sensitive Native API |
| |
| BAI Jin-rong
,
WANG Jun-feng
,
ZHAO Zong-qu
,
LIU Da-fu.Malware Detection Method Based on Sensitive Native API[J].Computer Engineering,2012,38(13):9-12. |
| |
| Authors: | BAI Jin-rong WANG Jun-feng ZHAO Zong-qu LIU Da-fu |
| |
| Affiliation: | 1.School of Information Technology and Engineering,Yuxi Normal University,Yuxi 653100,China;2.College of Computer Science,Sichuan University,Chengdu 610065,China) |
| |
| Abstract: | This paper analyzes the malware behaviors of propagation and damage,including process,privilege,memory,registry,file and network.The malware accomplishes these behaviors by calling the corresponding Application Programming Interface(API) functions.It proposes a dynamic malware detection method based on perception of sensitive native API calls frequency.It develops transparent monitoring and analysis environment based on source code of Xen.Experimental results indicate that the method can identify unknown malware. |
| |
| Keywords: | malware Application Programming Interface(API) call frequency data mining dynamic detection hardware virtualization |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
