| 基于运动轨迹分析的启发式木马检测系统 |
| |
| 引用本文: | 钟明全,范宇,李焕洲,唐彰国,张健.基于运动轨迹分析的启发式木马检测系统[J].计算机应用,2015,35(3):756-760. |
| |
| 作者姓名: | 钟明全 范宇 李焕洲 唐彰国 张健 |
| |
| 作者单位: | 1. 四川师范大学 网络与通信技术研究所, 成都 610066;
2. 四川省标准化研究院 信息发展部, 成都 610031 |
| |
| 基金项目: | 四川省教育厅项目(08ZA043) |
| |
| 摘 要: | 针对主动防御技术检测准确率不高的问题,提出了一种基于运动轨迹分析的启发式木马检测系统。提出了两种典型的木马运动轨迹,利用运动轨迹上的行为数据,结合判定规则与算法,实现对可疑文件危险等级的检测。实验结果表明,该系统检测未知木马性能优于传统方法,并且能够检测一些特殊木马。
|
| 关 键 词: | 主动防御 虚拟机 运动轨迹 文件捆绑 隐藏进程 |
| 收稿时间: | 2014-10-09 |
| 修稿时间: | 2014-11-30 |
Heuristic detection system of Trojan based on trajectory analysis |
| |
| ZHONG Mingquan
,
FAN Yu
,
LI Huanzhou
,
TANG Zhangguo
,
ZHANG Jian.Heuristic detection system of Trojan based on trajectory analysis[J].journal of Computer Applications,2015,35(3):756-760. |
| |
| Authors: | ZHONG Mingquan FAN Yu LI Huanzhou TANG Zhangguo ZHANG Jian |
| |
| Affiliation: | 1. Institute of Network and Communication Technology, Sichuan Normal University, Chengdu Sichuan 610066, China;
2. Information Development Department, Sichuan Institute of Standardization, Chengdu Sichuan 610031, China |
| |
| Abstract: | Concerning of the low accurate rate of active defense technology, a heuristic detection system of Trojan based on the analysis of trajectory was proposed. Two kinds of typical Trojan trajectories were presented, and by using the behavioral data on Trojan trajectory the danger level of the suspicious file was detected with the decision rules and algorithm. The experimental results show that the performance of detecting unknown Trojan of this system is better than that of the traditional method, and some special Trojans can also be detected. |
| |
| Keywords: | active defense Virtual Machine (VM) trajectory file binding hidden process |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
