Design and Implementation of a Behavior Capture System Supporting Malicious Code Behavior Analysis
Published: 2018-04-07 00:22
Topic: behavior capture | Focus: malicious code | Source: National University of Defense Technology, 2014 master's thesis
[Abstract]: Capturing the behavior of malicious code is the basis for malicious code behavior analysis and for improving defenses against malicious code. As malicious code techniques have developed, the structure of malicious code and its communication activity have become increasingly complex, so that traditional behavior capture techniques struggle to cope effectively with its attacks and damage. How to capture malicious code behavior more effectively has therefore become a research focus in information security. Behavior capture is concerned with the malicious behavior itself; a comprehensive and accurate description of that behavior will raise both the efficiency and the accuracy of capture. With this goal, this thesis takes a comprehensive description of malicious code behavior characteristics as its starting point, designs and implements a prototype malicious code behavior capture system, and aims to support malicious code behavior analysis.
The main work is as follows. First, the relevant malicious code techniques are analyzed and studied: starting from the definition of malicious code, typical malicious behaviors, existing behavior analysis methods and behavior capture techniques are introduced, laying the foundation for the design of the capture system. Second, a malicious code behavior description method based on multi-dimensional features is proposed, which describes malicious code from several dimensions, including behavior timing, behavior type and dependency features, thereby characterizing the essential features of malicious code more effectively; the method is then applied to malicious code detection. Detection on sample cases shows that the method effectively reduces the influence of malicious interference and improves the efficiency and accuracy of malicious behavior capture. Third, a multi-agent malicious code behavior capture scheme is proposed, which exploits the autonomy and adaptability of agents to collect the target system's state information in real time and provides the architectural support for implementing the capture system. Finally, the prototype behavior capture system is designed and implemented. Capture and analysis of representative malicious code samples, evaluated by malicious behavior capture accuracy and by AUC curve precision, verify that the method proposed here outperforms the existing average-distance-based malicious code detection method.
[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year of degree award]: 2014
[Classification number]: TP393.08
Document number: 1719580
Document link: http://sikaile.net/guanlilunwen/ydhl/1719580.html