| 一种基于行为的可信计算动态度量方法 |
| |
| 引用本文: | 纪晓宇,冷冰,周洁.一种基于行为的可信计算动态度量方法[J].通信技术,2015,48(11):1290-1294. |
| |
| 作者姓名: | 纪晓宇 冷冰 周洁 |
| |
| 作者单位: | 中国电子科技集团公司第三十研究所,四川 成都 610041 |
| |
| 摘 要: | 针对恶意软件泛滥而现行杀毒软件无法检测未知恶意软件的情况,同时经分析恶意软件,发现虽然其形式多样,但是表现出的恶意行为却存在一定的规律性。由此提出一种实现可信计算动态度量的方法,通过拦截程序运行期间产生的行为,构建决策树模型,以此为依据来判定程序行为是否符合预期。实验证明,此方法可以检测出未知恶意软件,之后通过改进数据预处理模块可以进一步降低误报率以及漏报率。
|
| 关 键 词: | 可信计算 动态度量 决策树 行为 |
| 收稿时间: | 2015-06-18 |
Behavior-based Dynamic Measurement Method for Trusted Computing |
| |
| JI Xiao-yu,LENG Bing,ZHOU Jie.Behavior-based Dynamic Measurement Method for Trusted Computing[J].Communications Technology,2015,48(11):1290-1294. |
| |
| Authors: | JI Xiao-yu LENG Bing ZHOU Jie |
| |
| Affiliation: | No.30 Institute of CETC, Chengdu Sichuan 610041, China |
| |
| Abstract: | Aiming at the fact that the malicious software runs rampant and current antivirus software could not detect the unknown malicious software,analysis on malicious software is done,and this analysis reveals that the malicious software although various in forms, its behavior is of some regularity. Therefore, a novel method is proposed to realize the dynamic measurement of trusted computing. The behavior of the process is intercepted to generate the decision tree, and based on this whether the application accords with expectation is determined. Experimental results indicate that this method could detect unknown malicious software, and by modifying the preprocessing module,the false alarm rate and missing-report rate could be further reduced. |
| |
| Keywords: | trusted computing dynamic measurement decision tree behavior |
|
| 点击此处可从《通信技术》浏览原始摘要信息 |
|
点击此处可从《通信技术》下载全文 |
|
