Research on Malicious Code Detection Technology Based on Monitoring Win32 API Calls
Cite this article: Chen Zhiyun, Xue Zhi. Research on Malicious Code Detection Technology Based on Monitoring Win32 API Calls [J]. 信息安全与通信保密 (Information Security and Communications Privacy), 2009(7):73-75.
Authors: Chen Zhiyun, Xue Zhi
Affiliation: School of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
Abstract: This paper first analyzes the shortcomings of existing dynamic malicious code detection techniques and points out that they are susceptible to bypass attacks and mimicry attacks by malicious code. It then proposes an API trap technique and a call-address obfuscation technique to defend against such attacks. Finally, on that basis, a malicious code detection system based on Win32 API call monitoring is implemented; experiments show that the system can detect attacks by both known and unknown malicious code.

Keywords: Windows operating system  malicious code  detection

Research on Malicious Code Detection Technology Based on Monitoring Win32 API Calls
CHEN Zhi-yun, XUE Zhi. Research on Malicious Code Detection Technology Based on Monitoring Win32 API Calls [J]. China Information Security, 2009(7):73-75.
Authors:CHEN Zhi-yun  XUE Zhi
Affiliation:(School of Information Security Engineering, Shanghai Jiaotong University, Shanghai 200240, China)
Abstract: This paper first analyzes existing dynamic malicious code detection technologies and their deficiencies, and points out that those technologies may be defeated by mimicry attacks and bypass attacks carried out by malicious code. It then proposes an API trap technique and a call-address obfuscation technique to prevent bypass and mimicry attacks, and on that basis implements a malicious code detection system based on Win32 API call monitoring. Experiments indicate that the system can detect both known and unknown malicious code.
Keywords:windows operating system  malicious code  detection