
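Research on Malicious Code Detection Technology and Prevention Model in Virtual Environments

Published: 2018-05-12 19:34

  Topic of this article: malicious code detection + Gaussian mixture model; Reference: Xi'an University of Architecture and Technology, 2014 master's thesis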


[Abstract]: With the continuing development of information networks, cloud computing is widely applied across industries, and the accompanying cloud security problems have become an important factor hindering the further growth of cloud computing. According to Internet security reports from recent years, economic losses caused by malicious code attacks account for a considerable proportion, and the destructive and infectious power of malicious code keeps increasing while its scope of impact expands rapidly. This not only seriously threatens the security of user data but may also cause enterprises and countries huge economic losses. Research on malicious code detection technology and prevention models in virtual environments is therefore particularly important.

The main work of the thesis is as follows: (1) Data-mining clustering and classification algorithms are studied in depth. A Gaussian mixture model is used to perform model clustering on the abnormal behaviors submitted by the system, and a layered detection mechanism is proposed. To improve clustering accuracy, K-L divergence is introduced to compute the degree of difference between models; within each class, two complementary feature extraction algorithms, information gain and document frequency, are combined for feature selection; the result is finally output by a classifier designed on the basis of a support vector machine (SVM). (2) Building on existing host-based and network-based malicious code detection mechanisms, a malicious code prevention model for virtual environments is constructed. It adopts feature-based and behavior-based malicious code detection and deploys mechanisms such as abnormal-information integration, logging and alerting, synchronous response, and risk response strategies to defend against malicious code in virtual environments. (3) To detect abnormal behaviors that the client cannot judge, a malicious code detection algorithm usable for interaction requests between the client and the cloud is proposed; these undetermined abnormal behaviors are submitted to the cloud for deeper detection. (4) The behavior structure of actively propagating malicious code is analyzed and a malicious code behavior propagation tree is constructed; abnormal behaviors that the cloud cannot detect are returned to the user through a propagation path reconstruction mechanism, for the user to judge and analyze.

Finally, the virtual environment is simulated on the extended cloud computing simulation platform CloudSim, and system experiments are carried out in combination with the deployment and computation of a physical environment. The results show that the detection method and prevention model proposed in the thesis maintain good performance in detection rate and accuracy for malicious code, and can to a certain extent effectively defend against malicious code attacks from the network.
[Degree-granting institution]: Xi'an University of Architecture and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
