| 基于主机行为特征的恶意软件检测方法 |
| |
| 引用本文: | 张永斌,张艳宁.基于主机行为特征的恶意软件检测方法[J].计算机应用研究,2014,31(2):547-550. |
| |
| 作者姓名: | 张永斌 张艳宁 |
| |
| 作者单位: | 西北工业大学 计算机学院, 西安 710129 |
| |
| 基金项目: | 国家自然科学基金资助项目(60903126, 60872145) |
| |
| 摘 要: | 针对僵尸、远控木马等恶意软件检测问题, 提出一种基于主机行为的异常检测模型。该模型通过持续性分析算法, 判断主机与外部特定目标的通信行为是否具有周期性或连续性, 提取出可疑的网络行为, 并根据网络行为的触发、启动等异常检测规则对这些可疑的网络行为进行分析, 判断主机是否感染恶意软件。实验结果表明, 该模型可有效检测出感染恶意软件的主机, 并具有很低误报率。
|
| 关 键 词: | 网络安全 恶意软件 僵尸网络 木马 |
Malware detection by monitoring host's activities |
| |
| ZHANG Yong-bin,ZHANG Yan-ning.Malware detection by monitoring host's activities[J].Application Research of Computers,2014,31(2):547-550. |
| |
| Authors: | ZHANG Yong-bin ZHANG Yan-ning |
| |
| Affiliation: | School of Computer Science, Northwestern Polytechnical University, Xi'an 710129, China |
| |
| Abstract: | To detect malware such as bot and trojan, this paper proposed a method based on inherent activities of compromised hosts. This method identified suspicious network traffic through persistent arithmetic that measured if hosts had temporal regularity when communicating with other hosts, and analyzed suspicious network traffic through rules of user driven activities and occurring moments to detect compromised hosts. The results show that the system can accurately detect compromised hosts with low error rates. |
| |
| Keywords: | network security malware botnet trojan |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
