Research and Implementation of Malicious Code Detection Technology Based on Affinity (Kinship) Analysis
Topic: malicious code + affinity; Reference: 電子科技大學 (University of Electronic Science and Technology of China), 2014 master's thesis
[Abstract]: With the continued spread of the Internet, network security problems have become increasingly serious, and malicious code is one of the most serious security threats on the Internet. Most antivirus vendors today still rely on traditional signature scanning, i.e. a "scanning engine + virus database" architecture for the detection engine. This approach has a very high detection rate for known viruses and an extremely low false-positive rate, but it cannot accurately and promptly detect newly emerging malicious code, or variants that use anti-detection techniques such as packing, polymorphism and metamorphism. At the same time, the signature database on which signature scanning depends grows ever larger over time. This thesis proposes a malicious code analysis method based on affinity (kinship): an affinity feature is extracted for each family of malicious code and quantified by two components, the set of system functions the family uses and the code segments its members share (abbreviated MAS). On this basis the thesis proposes a malicious code detection technique based on affinity analysis (MAS detection), designs a MAS detection engine, applies it in an intrusion detection system, and designs experiments to verify how the engine performs. The results show that affinity-analysis-based detection achieves a good detection rate, but its false-positive rate is slightly high and needs further improvement and refinement.
Because MAS detection extracts only one generic MAS feature per family of malicious code, and borrows the idea of heuristic detection by setting a detection threshold, the MAS feature database does not need frequent updates, and its detection performance remains relatively stable over a period of time without large fluctuations.
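The following Python is an added illustration of the two-part affinity feature and threshold detection described in the abstract; it is not the thesis's own code (which this page does not reproduce). It assumes one concrete reading of the two components: "system functions" as the set of imported API names, and "similar code segments" as hashed opcode n-grams shared by most family members. The family samples, the unseen variant, the two benign programs, the API names, the 50/50 weighting and the 0.6 threshold are all constructed assumptions for the example.

```python
"""Added example (not from the thesis): one generic affinity (MAS-style) profile
per malware family, built from (1) the system functions its samples import and
(2) the code segments they share, with a heuristic threshold on top.
All input data below is constructed for illustration."""
import hashlib
from collections import Counter

# Constructed samples: (imported system functions, opcode mnemonics of one
# routine). Invented for the example, not taken from real malware.
FAMILY_SAMPLES = [
    ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "GetProcAddress"},
     "push mov call mov cmp jne push call pop ret".split()),
    ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "LoadLibraryA"},
     "push mov call mov cmp jne xor call pop ret".split()),
    ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "Sleep"},
     "mov push mov call mov cmp jne push call ret".split()),
]
# An unseen variant (constructed): same core API set, the routine partly rewritten.
VARIANT = ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "IsDebuggerPresent"},
           "push mov call mov cmp jne xor call ret".split())
# A benign file utility (constructed) sharing almost nothing with the family.
BENIGN_FILE_TOOL = ({"CreateFileW", "ReadFile", "WriteFile", "CloseHandle", "GetProcAddress"},
                    "push mov call add ret".split())
# A benign process tool (constructed) that legitimately uses the same injection APIs.
BENIGN_INJECTOR = ({"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "ReadProcessMemory"},
                   "push mov call add ret".split())

N = 3  # opcode n-gram length used as the "code segment" unit (assumption)


def code_segments(opcodes, n=N):
    """Hash every opcode n-gram; two samples sharing a hash share a code segment."""
    return {hashlib.sha256(" ".join(opcodes[i:i + n]).encode()).hexdigest()[:16]
            for i in range(len(opcodes) - n + 1)}


def build_profile(samples, min_count=2):
    """One generic profile per family: keep the APIs and code segments that
    at least min_count of the samples exhibit, so sample-specific noise drops out."""
    api_count, seg_count = Counter(), Counter()
    for apis, opcodes in samples:
        api_count.update(apis)
        seg_count.update(code_segments(opcodes))
    return {
        "apis": frozenset(a for a, c in api_count.items() if c >= min_count),
        "segments": frozenset(s for s, c in seg_count.items() if c >= min_count),
    }


def score(sample, profile, api_weight=0.5):
    """Weighted fraction of the profile's APIs and segments that the sample exhibits."""
    apis, opcodes = sample
    api_cov = len(apis & profile["apis"]) / len(profile["apis"])
    seg_cov = len(code_segments(opcodes) & profile["segments"]) / len(profile["segments"])
    return api_weight * api_cov + (1 - api_weight) * seg_cov


def detect(sample, profile, threshold=0.6):
    """Heuristic decision: flag the sample once its affinity score reaches the threshold."""
    return score(sample, profile) >= threshold


if __name__ == "__main__":
    prof = build_profile(FAMILY_SAMPLES)
    print("profile APIs:", sorted(prof["apis"]), "segments:", len(prof["segments"]))
    for name, s in [("variant", VARIANT), ("file tool", BENIGN_FILE_TOOL), ("injector", BENIGN_INJECTOR)]:
        print(f"{name:10s} score={score(s, prof):.3f} "
              f"flagged@0.6={detect(s, prof)} flagged@0.5={detect(s, prof, 0.5)}")
```

The profile keeps the four injection APIs and the seven n-grams that two or more samples share, so the unseen variant (score 11/14) is caught without any per-variant signature, which is the stability argument made above. The benign injector shows the cost: it exhibits every profile API and scores 4/7, so lowering the threshold from 0.6 to 0.5 turns it into a false positive. Where the threshold sits is exactly the detection-rate versus false-positive trade-off the abstract reports.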
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類(lèi)號(hào)】:TP393.08
【參考文獻(xiàn)】
相關(guān)期刊論文 前9條
1 崔鵬;;基于語(yǔ)義的啟發(fā)式病毒檢測(cè)引擎研究[J];常熟理工學(xué)院學(xué)報(bào);2008年10期
2 陳娟英;范明鈺;王光衛(wèi);;一種基于親緣性的惡意代碼分析方法[J];信息安全與技術(shù);2014年01期
3 張小康;帥建梅;史林;;基于加權(quán)信息增益的惡意代碼檢測(cè)方法[J];計(jì)算機(jī)工程;2010年06期
4 韓蘭勝;鄒夢(mèng)松;劉其文;劉銘;;多類(lèi)支持向量機(jī)的病毒行為檢測(cè)方法[J];計(jì)算機(jī)應(yīng)用;2010年01期
5 吳丹飛;王春剛;郝興偉;;惡意代碼的變形技術(shù)研究[J];計(jì)算機(jī)應(yīng)用與軟件;2012年03期
6 姜曉新;段海新;;一種PE文件加殼檢測(cè)規(guī)則[J];計(jì)算機(jī)工程;2010年14期
7 沈承東;宋波敏;;基于惡意代碼的檢測(cè)技術(shù)研究[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2012年04期
8 金然;魏強(qiáng);王清賢;;基于抽象特征檢測(cè)變形惡意代碼[J];小型微型計(jì)算機(jī)系統(tǒng);2009年02期
9 袁慎芳;;惡意代碼的分析技術(shù)[J];科技創(chuàng)新導(dǎo)報(bào);2012年03期
相關(guān)碩士學(xué)位論文 前1條
1 張海鵬;惡意代碼的行為分析[D];南京郵電大學(xué);2013年
Article ID: 1886136
Link: http://www.sikaile.net/guanlilunwen/ydhl/1886136.html