| Linux系统中基于多路径的恶意行为规范挖掘 |
| |
| 引用本文: | 刘琳爽,缪力.Linux系统中基于多路径的恶意行为规范挖掘[J].计算机系统应用,2010,19(9):168-172. |
| |
| 作者姓名: | 刘琳爽 缪力 |
| |
| 作者单位: | 湖南大学,软件学院,湖南,长沙,410082 |
| |
| 摘 要: | Linux恶意代码检测是Linux安全框架的一个重要组成部分。大多数现存的依照特征进行检测的方法通常落后于恶意代码的发展,已经不能满足日益迫切的安全需求,而基于行为的检测器往往需要高质量的恶意行为规范。使用了一种基于系统调用的自动挖掘规范技术,并在此基础上开发恶意代码的多执行路径,使其规范更详细更全面,从而提高检测器的检测率。
|
| 关 键 词: | Linux恶意代码 行为规范 自动挖掘 多执行路径 |
| 收稿时间: | 1/3/2010 12:00:00 AM |
| 修稿时间: | 4/2/2010 12:00:00 AM |
Mining Specifications of Malicious Behaviors Based on Multiple Paths in Linux |
| |
| LIU Lin-Shuang and MIAO Li.Mining Specifications of Malicious Behaviors Based on Multiple Paths in Linux[J].Computer Systems& Applications,2010,19(9):168-172. |
| |
| Authors: | LIU Lin-Shuang and MIAO Li |
| |
| Affiliation: | (Department of Software, Hunan University, Changsha 410082, China) |
| |
| Abstract: | The malware detection is one of the important parts in a secure Linux frame.Most existing malware detection methods are based on the signature and generally leave behind the development of the malware technology, which cannot meet the ever increaing needs of security.Behavior-based detectors require high-quality specifications of malicious behavior.This paper introduces an automatic technique to mine specifications of malicious behavior based on system calls and explores multiple execution paths for malware specifications, which helps the specifications to be more specific and more comprehensive, and improves the rate of detection of the behavior-based detectors. |
| |
| Keywords: | Linux malicious code specifications of behavior automatic mining multiple paths |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机系统应用》浏览原始摘要信息 |
|
点击此处可从《计算机系统应用》下载全文 |
|
