| 基于动态模拟的多态Shellcode检测系统 |
| |
| 引用本文: | 王兰佳,段海新,李星. 基于动态模拟的多态Shellcode检测系统[J]. 计算机工程, 2008, 34(13): 7-9 |
| |
| 作者姓名: | 王兰佳 段海新 李星 |
| |
| 作者单位: | 清华大学电子工程系,北京,100084;清华大学信息网络工程研究中心,北京,100084 |
| |
| 基金项目: | 国家“973”计划基金资助项目(2003CB314805) |
| |
| 摘 要: | 通过分析多态Shellcode的行为特征,提出基于动态模拟的判决准则。以此准则为核心,针对现有方法的性能和应用性较差的问题,设计并实现了一个基于动态模拟的多态Shellcode检测系统,其模块采用多种优化技术以提高系统性能。使用3.3 GB实际网络数据和 11 000个多态Shellcode样本对原型系统进行实验,其虚警和漏警率均为0,提高了系统的吞吐量。
|
| 关 键 词: | 多态Shellcode 动态模拟 入侵检测 |
| 修稿时间: | |
Polymorphic Shellcode Detection System Based on Dynamic Emulation |
| |
| WANG Lan-jia,DUAN Hai-xin,LI Xing. Polymorphic Shellcode Detection System Based on Dynamic Emulation[J]. Computer Engineering, 2008, 34(13): 7-9 |
| |
| Authors: | WANG Lan-jia DUAN Hai-xin LI Xing |
| |
| Affiliation: | (1. Dept. of Electronic Engineering, Tsinghua University, Beijing 100084; 2. Network Research Center, Tsinghua University, Beijing 100084) |
| |
| Abstract: | Based on the analysis of the characteristics of polymorphic Shellcode’s behavior, an dynamic emulation based detection criterion is proposed. Using the criterion, this paper designs and implements a dynamic emulation based polymorphic Shellcode detection system, which is highly optimized in each module. With 3.3 GB real network data and 11 000 polymorphic Shellcode samples, the experiment on prototype presents zero false positive and false negative, and it improves the throughput of system. |
| |
| Keywords: | polymorphic Shellcode dynamic emulation intrusion detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
