
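Research and Implementation of a Malicious Code Detection System Based on Behavior Analysis

Published: 2018-03-19 10:43

  Topic: malicious code. Focus: multi-path execution. Source: Nanchang University, 2014 master's thesis. Document type: degree thesis.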


[Abstract]: With the rapid development of the Internet and the deepening informatization of social life, people increasingly depend on the convenience and speed the Internet brings. At the same time, malicious code keeps pace, continuing to develop and grow. Driven by profit, a black-market industry chain has emerged, and its emergence has greatly accelerated the production and spread of malicious code. To avoid harm from malicious code, detecting it has become highly worthwhile.

Current behavior-analysis techniques for malicious code still have many shortcomings, and this thesis focuses on two of them. First, the multi-path execution method used in dynamic analysis suffers from low path coverage in practice, which leads to missed detections of malicious code. Second, earlier system-call-based feature representation and extraction treated each single system call as one feature. This representation ignores the order relationship between adjacent system calls, yet the order information between adjacent system calls contributes positively to judging behavior.

To address these shortcomings, this thesis attempts to solve the two problems above. Its main work is as follows:

(1) It proposes a multi-path execution method based on high statement coverage, used to improve path coverage.

(2) It proposes a partially ordered system-call feature representation and extraction method that emphasizes the order relationship between adjacent system calls.

(3) It studies the principles of support vector machines (SVM) and their application to malicious code detection.

(4) It completes the design and preliminary implementation of a malicious code detection system based on behavior analysis, and verifies the effectiveness of the above methods through experiments.

[Degree-granting institution]: Nanchang University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08



