| 基于攻击树的木马检测方法 |
| |
| 引用本文: | 杨彦,黄皓.基于攻击树的木马检测方法[J].计算机工程与设计,2008,29(11):2711-2714. |
| |
| 作者姓名: | 杨彦 黄皓 |
| |
| 作者单位: | 1. 南京大学,计算机科学与技术系,江苏,南京,210093
2. 南京大学,计算机科学与技术系,江苏,南京,210093;南京大学,软件新技术国家重点实验室,江苏,南京,210093 |
| |
| 摘 要: | 木马是以获取主机控制权和窃取信息为主要目的恶意程序,对网络安全和信息安全造成极大危害.研究并总结了木马攻击行为的规律,提出了一种通过静态分析PE文件采发现木马的方法.对现有的攻击树模型进行改进,设计了扩展攻击树模型,以此对木马攻击中常见的危险系统调用序列进行建模,将分析PE文件得到的API调用集合与建模得到的攻击树作匹配,来预测程序中可能存在的攻击行为,并能有效地区分木马文件和正常文件.
|
| 关 键 词: | 木马检测 攻击树 静态分析 可执行文件 系统调用 |
| 文章编号: | 1000-7024(2008)11-2711-04 |
| 修稿时间: | 2007年6月21日 |
Detection method of Trojan horse based on attack tree |
| |
| YANG Yan,HUANG Hao.Detection method of Trojan horse based on attack tree[J].Computer Engineering and Design,2008,29(11):2711-2714. |
| |
| Authors: | YANG Yan HUANG Hao |
| |
| Affiliation: | YANG Yan1,HUANG Hao1,2 (1. Department of Computer Science , Technology,Nanjing University,Nanjing 210093,China,2. State Key Laboratory for Novel Software Technology,China) |
| |
| Abstract: | Trojan is malicious program which is designed to obtain privilege and steal information; it seriously endangers the internet se- curity and information security. The rules of Trojan's attack actions are researched, a new Trojan horse detection method based on executable static analysis is proposed. The present attack tree model is improved, an extended attack tree model is designed to d escribe the sequences of threatening system calls Trojan commonly used. Matched the set of APIs used in PE file with the o... |
| |
| Keywords: | Trojan horse detection attack tree static analysis portable executable file system call |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
