共查询到20条相似文献,搜索用时 187 毫秒
1.
为了解决云计算架构中恶意代码以各种形式入侵产生损害,不能及时发现、维护而造成云计算架构安全性能降低,无法正常使用的问题,建立一套基于BP神经网络的入侵监测系统,实现对云计算架构中恶意代码入侵的自动监测,对及时监测入侵恶意代码及有效增加云计算架构安全有这直接而又重要作用;系统以STM32F103ZET6为主控芯片构建MUC主控单元,并通过EZ-USB FX2 USB2.0控制芯片将各个模块与其相连;采用LM2575系列的稳压器,为系统提供电源;软件设计过程中,采用BP神经网络法计算各恶意代码入侵的输出值,降低监测误差;通过实验测试表明,该系统可实现云计算架构中入侵恶意代码的自动监测功能,且具有扩展性强、操作方便等特点,对云计算架构的使用安全性具有重要的应用价值。 相似文献
2.
目前恶意代码出现频繁且抗识别性加强,现有基于签名的恶意代码检测方法无法识别未知与隐藏的恶意代码。提出一种结合动态行为和机器学习的恶意代码检测方法。搭建自动化分析Cuckoo沙箱记录恶意代码的行为信息和网络流量,结合Cuckoo沙箱与改进DynamoRIO系统作为虚拟环境,提取并融合恶意代码样本API调用序列及网络行为特征。在此基础上,基于双向门循环单元(BGRU)建立恶意代码检测模型,并在含有12 170个恶意代码样本和5 983个良性应用程序样本的数据集上对模型效果进行验证。实验结果表明,该方法能全面获得恶意代码的行为信息,其所用BGRU模型的检测效果较LSTM、BLSTM等模型更好,精确率和F1值分别达到97.84%和98.07%,训练速度为BLSTM模型的1.26倍。 相似文献
3.
恶意代码的机理与模型研究 总被引:2,自引:0,他引:2
恶意代码是信息系统安全的主要威胁之一.从操作系统体系结构的角度研究了恶意代码的产生根源,指出PC操作系统中存在特权主体、内核扩展机制不安全,程序执行环境保护不力等弱点是造成恶意代码泛滥的本质原因.基于F.Cohen的计算机病毒定义,对计算机病毒的传播机理进行了形式化描述.研究了蠕虫程序的模块结构.建立了数据驱动型软件攻击的理论模型,分析了其构成威胁的本质原因. 相似文献
4.
恶意代码行为捕获是进行恶意代码行为分析,提高防御恶意代码能力的基础。当前,随着恶意代码技术的发展,恶意代码结构及其通信活动日益复杂,使得传统的恶意代码行为捕获技术难以有效应对恶意代码的攻击与破坏。如何更加有效地捕获恶意代码行为成了目前信息安全领域的研究热点。基于此目的,本文在充分利用Agent的自主性和适应性,实时采集目标系统的状态信息的基础上,提出了一种基于多Agent的恶意代码行为捕获方案,分析了其行为捕获流程,介绍了功能模块组成,并基于Windows平台实现了该方案,为下一步针对恶意代码分析及防御提供了良好的基础。 相似文献
5.
Robert Moskovitch Dima Stopel Clint Feher Nir Nissim Nathalie Japkowicz Yuval Elovici 《Journal in Computer Virology》2009,5(4):295-308
The recent growth in network usage has motivated the creation of new malicious code for various purposes. Today’s signature-based
antiviruses are very accurate for known malicious code, but can not detect new malicious code. Recently, classification algorithms
were used successfully for the detection of unknown malicious code. But, these studies involved a test collection with a limited
size and the same malicious: benign file ratio in both the training and test sets, a situation which does not reflect real-life
conditions. We present a methodology for the detection of unknown malicious code, which examines concepts from text categorization,
based on n-grams extraction from the binary code and feature selection. We performed an extensive evaluation, consisting of a test collection
of more than 30,000 files, in which we investigated the class imbalance problem. In real-life scenarios, the malicious file
content is expected to be low, about 10% of the total files. For practical purposes, it is unclear as to what the corresponding
percentage in the training set should be. Our results indicate that greater than 95% accuracy can be achieved through the
use of a training set that has a malicious file content of less than 33.3%. 相似文献
6.
Asaf Shabtai Robert Moskovitch Yuval Elovici Chanan Glezer 《Information Security Technical Report》2009,14(1):16-29
This research synthesizes a taxonomy for classifying detection methods of new malicious code by Machine Learning (ML) methods based on static features extracted from executables. The taxonomy is then operationalized to classify research on this topic and pinpoint critical open research issues in light of emerging threats. The article addresses various facets of the detection challenge, including: file representation and feature selection methods, classification algorithms, weighting ensembles, as well as the imbalance problem, active learning, and chronological evaluation. From the survey we conclude that a framework for detecting new malicious code in executable files can be designed to achieve very high accuracy while maintaining low false positives (i.e. misclassifying benign files as malicious). The framework should include training of multiple classifiers on various types of features (mainly OpCode and byte n-grams and Portable Executable Features), applying weighting algorithm on the classification results of the individual classifiers, as well as an active learning mechanism to maintain high detection accuracy. The training of classifiers should also consider the imbalance problem by generating classifiers that will perform accurately in a real-life situation where the percentage of malicious files among all files is estimated to be approximately 10%. 相似文献
7.
Android现有的恶意代码检测机制主要是针对bytecode层代码,这意味着嵌入Native层的恶意代码不能被检测,最新研究表明86%的热门Android应用都包含Native层代码。为了解决该问题,本文提出一种基于Native层的Android恶意代码检测机制,将smali代码和so文件转换为汇编代码,生成控制流图并对其进行优化,通过子图同构方法与恶意软件库进行对比,计算相似度值,并且与给定阈值进行比较,以此来判断待测软件是否包含恶意代码。实验结果表明,跟其他方法相比,该方法可以检测出Native层恶意代码而且具有较高的正确率和检测率。 相似文献
8.
针对现阶段虚拟机防病毒技术存在的缺陷,本文将基于超混沌Hénon映射的加解密技术与多线程技术相结合,提出了基于多线程超混沌密码的恶意代码隐藏算法;在对恶意代码涉及的隐藏性因素进行分析的基础上,基于层次分析法,提出了恶意代码的隐藏性分析模型。利用灰鸽子这一典型恶意代码对提出的恶意代码隐藏算法进行了实验与测试,并利用隐藏性分析模型对测试结果进行了分析,验证了提出的基于多线程超混沌密码的恶意代码隐藏算法的有效性。本文的研究成果可以增强恶意代码的隐藏性,增加恶意代码的威胁程度,为防病毒技术的发展提供了新思路。 相似文献
9.
The expansion of internet technology has made convenience. On the one hand various malicious code is produced. The number of malicious codes occurrence has dramatically increasing, and new or variant malicious code circulation very serious, So it is time to require analysis about malicious code. The being so malicious code pattern extract for malicious code properties of anti-virus company. Visualization possible to make one image for thousands upon thousands of malicious code. and It is possible to extract unseen pattern. Therefore this paper of object is various malicious code analysis besides new or variant malicious code type or form deduction using visualization of strong. Thus this paper proposes unseen malicious code pattern extract. 相似文献
10.
对变形特征码进行归一化处理,改进WM算法,运用启发式扫描、仿真、虚拟化、主动防御等前沿的恶意代码分析技术,采用分布式的设计结构,设计了具有完备恶意代码特征码数据库、高效特征码匹配、自动捕获和控制恶意行为、平衡的资源消耗、较低误报率的网络恶意代码智能分析系统。 相似文献
11.
Ken Dunham CISSP GREM GSEC GCIH Gold Honors GCFA 《Information Security Journal: A Global Perspective》2013,22(4):233-238
ABSTRACT Mitigation of malicious code is increasingly complicated by multi-staged and mutli-variant attacks taking place daily on the Internet today. It is now common for computers to be infected for long periods of time, with malicious browser help objects, rootkits, and similar stealth codes. Identification and removal from a computer can be especially difficult. In some cases, the only reasonable effort may be to completely wipe and reinstall an image of the system, known to be free of malicious code. Manual mitigation of malicious code is a sophisticated process of threat identification, research, mitigation, and monitoring to properly remove all threat components related to an attack. 相似文献
12.
主要应用CiteSpace可视化工具,以近16年在恶意代码检测领域的CNKI中文期刊数据和WOS数据为研究对象,基于文献计量内容分析方法系统地回顾了国内外在恶意代码检测领域的关注点、研究脉络的发展规律、存在的共性与差异性和研究现状。通过对比国内外恶意代码检测的研究进展,可以发现目前恶意代码检测的研究处于增长阶段,并且研究主要关注领域为手机客户端和WEB应用安全等。同时,恶意代码检测研究目前存在的典型问题也暴露出来。展望了恶意代码检测研究可能的发展方向,为国内相关的研究提供参考。 相似文献
13.
网页恶意代码是木马用来传播的主要方式之一,各种有危害性的木马都可以做成网页恶意代码来传播危害用户,通过分析网页恶意代码的运行机理,对其中网页恶意代码实现跨安全域的方法进行深入探讨,分析跨域漏洞形成原因,从程序开发人员的角度给出跨域网页恶意代码的防范方法,为上网用户提供安全的网络环境。 相似文献
14.
K. Vimal Kumar 《Computers & Security》2009,28(1-2):77-84
Since computer hardware and Internet is growing so fast today, security threats of malicious executable code are getting more serious. Basically, malicious executable codes are categorized into three kinds – virus, Trojan Horse, and worm. Current anti-virus products cannot detect all the malicious codes, especially for those unseen, polymorphism malicious executable codes. The newly developed virus will create the damages before it has been found and updated in database. The basic idea of the proposed system is, it will analyze the behavior of the malicious codes and based on the behavior signature of the malicious code content filtering mechanism will be used to filter out contents, so that, the system will be secured from the future communication processes. The behavior of the code is analyzed using the function extraction technology. The function extraction technology will replace the function codes into algebraic expressions. Based on the behavior of the malicious codes, it will be categorized into different kinds of malicious codes. The detected malicious code will be prevented from execution. Based on the type of malicious code, appropriate security mechanism will be used for further communication. 相似文献
15.
Hyun Mi Jung Il-Sun Hwang Jeong-Kyung Moon Hark- Soo Park 《Peer-to-Peer Networking and Applications》2016,9(3):498-507
Recently malicious code is spreading rapidly due to the use of P2P(peer to peer) file sharing. The malicious code distributed mostly transformed the infected PC as a botnet for various attacks by attackers. This can take important information from the computer and cause a large-scale DDos attack. Therefore it is extremely important to detect and block the malicious code in early stage. However a centralized security monitoring system widely used today cannot detect a sharing file on a P2P network. In this paper, to compensate the defect, P2P file sharing events are obtained and the behavior is analyzed. Based on the analysis a malicious file detecting system is proposed and synchronized with a security monitoring system on a virtual machine. In application result, it has been detected such as botnet malware using P2P. It is improved by 12 % performance than existing security monitoring system. The proposed system can detect suspicious P2P sharing files that were not possible by an existing system. The characteristics can be applied for security monitoring to block and respond to the distribution of malicious code through P2P. 相似文献
16.
当前恶意代码具有种类多、危害大、复杂程度高、需要的应急响应速度快等特点,针对现有恶意代码分析方法难以适应现场快速分析处置与应用实践的需求的问题,研究了基于特征阈值的恶意代码分析方法,构建了恶意代码快速分析处置的具体环节,包括环境分析、文件细化、静态分析、动态分析,并通过构建的阈值判断来定位代码的功能和家族属性,并给出清除恶意代码的具体方法。实际应用结果证明,此方法对恶意代码安全特性相关的意图、功能、结构、行为等因素予以综合,实现在现场处置层面上对恶意代码安全性的分析研究,为当前网络安全恶意代码的现场快速响应和处置提供了重要支撑。 相似文献
17.
18.
19.
20.
随着互联网的发展,恶意代码呈现海量化与多态化的趋势,恶意代码家族分类是网络空间安全面临的挑战之一。将半监督生成对抗网络与深度卷积学习网络相结合,构建半监督深度卷积生成对抗网络,提出了一种恶意代码家族分类模型,通过恶意代码家族特征分析,对恶意代码进行特征提取,转化为一维灰度图像;然后基于一维卷积神经网络1D-CNN,构建半监督生成对抗网络SGAN,形成恶意代码家族分类模型SGAN-CNN。从特征提取优化、半监督生成对抗训练算法优化等方面进行恶意代码家族分类能力提升。为了验证SGAN-CNN模型的分类效果,在Microsoft Malware Classification Challenge数据集上进行实验。5折交叉验证测试显示,本文提出的模型在样本标注标签占80%的情况下,分类的平均准确率达到98.81%;在样本标注标签仅有20%的情况下,分类的平均准确率达到98.01%,取得了较好的分类效果。在小样本数量情况下,也能取得不错的分类准确率。 相似文献