| 基于Win32 API调用监控的恶意代码检测技术研究 |
| |
| 引用本文: | 陈志云,薛质.基于Win32 API调用监控的恶意代码检测技术研究[J].信息安全与通信保密,2009(7):73-75. |
| |
| 作者姓名: | 陈志云 薛质 |
| |
| 作者单位: | 上海交通大学信息安全学院,上海,200240 |
| |
| 摘 要: | 论文首先分析了现有动态检测恶意代码技术的不足,指出其受恶意代码的旁路攻击和拟态攻击的可能。然后,提出了防范此类攻击的API陷阱技术和调用地址混淆技术。最后由此实现了一个基于Win32API调用监控的恶意代码检测系统,经实验证明,该系统能检测出已知和未知的恶意代码的攻击。
|
| 关 键 词: | Windows操作系统 恶意代码 检测 |
Research OB Malicious Cede Detection Technology Based on Monitoring Win32 API Calls |
| |
| CHEN Zhi-yun,XUE Zhi.Research OB Malicious Cede Detection Technology Based on Monitoring Win32 API Calls[J].China Information Security,2009(7):73-75. |
| |
| Authors: | CHEN Zhi-yun XUE Zhi |
| |
| Affiliation: | (School of Information Security Engineering, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | This paper analyzes first the existing dynamic malicious code detection technology and its deficiencies, and points out the probability that those technologies may be affected by mimetic attack and bypass attack of the malicious code. Then, it proposes an API trap technology and call address confusion technology for preventing the bypass attack and mimetic attack, thus achieving a malicious code detection system based on Win32 API calls monitoring technology. The experiment indicates that the system could detect the known and unknown malicious code. |
| |
| Keywords: | windows operating system malicious code detection |
| 本文献已被 维普 万方数据 等数据库收录! |
