Abstract
Malware variants pose an enormous threat to the security of information systems. To detect variant malware effectively, this paper dynamically monitors and parses system calls and their parameters, associates the operations performed on different objects with the same object, and constructs an object state transition graph. The state transition graph is then processed for anti-obfuscation to obtain a malware behaviour signature graph with a degree of resistance to interference. Finally, unknown code is detected against this signature graph. Experimental results show that the method effectively resists obfuscation techniques such as malicious code reordering and junk system-call insertion, has a low false-positive rate, and performs well in detecting variant malware.
Malware variants make a big threat to security of information system. To detect variants of malicious codes effectively, through dynamic monitoring and parsing system calls and parameters, this paper related different object operations to the same object, and constructed the object state changing graph. Then it processed the object state changing graph by an anti-obfuscation method to acquire the anti-interference behavior signatures graph of malware. Finally, it detected unknown codes based on the behavior signatures graph. As the results of the experiments show, the method can effectively resist the inference like the rearrangement of malicious codes and the inserting of useless system call. It has a low false negative rate in detecting normal programs and has a good result in detecting variants of malicious codes.
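As an added illustration (not the paper's own code), the following Python sketch shows the core idea of the method: system calls are grouped by the object they act on, each object's call sequence becomes a state path, and the per-object transition edges form a signature that is unchanged by reordering across objects or by inserted junk calls. The call names, the object-class mapping and the sample traces are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample traces (syscall name, object argument). Call names and
# the file/registry object classes are assumptions for illustration only.
TRACE_ORIGINAL = [
    ("NtCreateFile", "C:\\Temp\\a.exe"),
    ("NtWriteFile", "C:\\Temp\\a.exe"),
    ("NtClose", "C:\\Temp\\a.exe"),
    ("RegCreateKey", "HKCU\\Software\\Run"),
    ("RegSetValue", "HKCU\\Software\\Run"),
]
# Variant of the same behaviour: calls reordered across objects, junk calls
# with no object argument inserted, a write repeated, and the file renamed.
TRACE_VARIANT = [
    ("NtQuerySystemTime", None),
    ("RegCreateKey", "HKCU\\Software\\Run"),
    ("NtCreateFile", "C:\\Temp\\b.exe"),
    ("NtWriteFile", "C:\\Temp\\b.exe"),
    ("NtWriteFile", "C:\\Temp\\b.exe"),
    ("NtQuerySystemTime", None),
    ("RegSetValue", "HKCU\\Software\\Run"),
    ("NtClose", "C:\\Temp\\b.exe"),
]
# Benign program: writes a file but never touches the registry.
TRACE_BENIGN = [("NtCreateFile", "C:\\Temp\\log.txt"),
                ("NtWriteFile", "C:\\Temp\\log.txt"),
                ("NtClose", "C:\\Temp\\log.txt")]

def object_class(obj):
    """Abstract a concrete name to its object class (assumed mapping)."""
    return "registry" if obj.startswith("HK") else "file"

def build_state_graph(trace):
    """Per-object state sequence: each call moves its object to a new state.
    Calls without an object are dropped as junk; repeated calls collapse."""
    graph = defaultdict(list)
    for call, obj in trace:
        if obj is None:
            continue
        if not graph[obj] or graph[obj][-1] != call:
            graph[obj].append(call)
    return dict(graph)

def signature(trace):
    """Signature = set of (object class, from-state, to-state) edges."""
    edges = set()
    for obj, states in build_state_graph(trace).items():
        cls = object_class(obj)
        edges.update((cls, a, b) for a, b in zip(states, states[1:]))
    return frozenset(edges)

def matches(known, sample, threshold=1.0):
    """Unknown code matches when enough of the known edges appear in it."""
    return len(known & sample) / len(known) >= threshold
```

The threshold controls how much of the known signature must be covered; at 1.0 the benign trace (two of three edges) is not flagged, while the variant is.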
Source
《计算机应用研究》 (Application Research of Computers)
CSCD
Peking University Core Journal
2013, No. 10, pp. 3106-3109, 3113 (5 pages)
Funding
National Natural Science Foundation of China (61272492, 61103231, 61103230)
Keywords
malware detection; system object; anti-obfuscation; semantics; state changing graph