Research and Implementation of Kinship-Analysis-Based Malicious Code Detection
Published: 2018-05-14 03:25
Topics: malicious code; kinship (affinity). Source: University of Electronic Science and Technology of China (電子科技大學), master's thesis, 2014
[Abstract] As the Internet has spread, network security problems have grown more serious, and malicious code is one of the most serious threats on it. Most antivirus vendors still rely on traditional signature scanning, that is, a "scan engine + virus database" architecture for the detection engine. This approach achieves a very high detection rate and a very low false-positive rate on known viruses, but it cannot accurately or promptly detect newly emerging malicious code, or variants that apply anti-detection techniques such as packing, polymorphism and metamorphism. At the same time, the signature database used by such scanners keeps growing over time.

This thesis proposes a kinship-based method of malicious code analysis that extracts a kinship feature for each family of malicious code and quantifies it with two components: a set of system functions and a set of similar code segments (abbreviated MAS). On this basis it proposes kinship-analysis-based malicious code detection (MAS detection), designs a MAS detection engine, applies the engine in an intrusion detection system, and designs experiments to verify how the engine performs. The results show that kinship-based detection reaches a good detection rate but a slightly high false-positive rate, so it still needs further improvement. Because MAS detection extracts only one generic MAS feature per family and, borrowing from heuristic detection, applies a detection threshold, the MAS feature library does not need frequent updates, and its detection effectiveness stays relatively stable over a period of time without large swings.
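The abstract describes the shape of a MAS feature (a system-function set plus similar code segments, one generic feature per family) and a threshold-based match, but not how the parts are extracted or weighted. The following Python is an added illustration, not the thesis author's engine: it assumes the API part is the set of imported system functions common to every known member of a family, the code part is the set of opcode 3-grams common to every member, and the score is the mean of the two overlap ratios compared against a threshold. The families, API names and opcode streams are constructed for the example and are not real malware.

```python
"""Toy kinship (MAS) feature extraction and threshold detection.

Added illustration, not the thesis author's engine. Assumptions made here:
  - API part  : system functions imported by every sample of a family
  - code part : opcode 3-grams present in every sample of a family
  - score     : mean of the two overlap ratios, compared to THRESHOLD
All samples below are constructed by hand.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Sequence, Tuple

NGRAM = 3          # assumed length of a "code segment" n-gram
THRESHOLD = 0.6    # assumed heuristic detection threshold

Gram = Tuple[str, ...]


@dataclass(frozen=True)
class Sample:
    name: str
    apis: FrozenSet[str]        # imported system functions (e.g. PE import table)
    opcodes: Tuple[str, ...]    # disassembled mnemonic stream


@dataclass(frozen=True)
class MASFeature:
    family: str
    api_set: FrozenSet[str]
    code_segments: FrozenSet[Gram]


def opcode_ngrams(opcodes: Sequence[str], n: int = NGRAM) -> FrozenSet[Gram]:
    """Sliding-window n-grams over the mnemonic stream."""
    return frozenset(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))


def extract_mas(family: str, samples: Sequence[Sample]) -> MASFeature:
    """One generic feature per family: what every known member shares."""
    api_set = frozenset.intersection(*(s.apis for s in samples))
    code = frozenset.intersection(*(opcode_ngrams(s.opcodes) for s in samples))
    return MASFeature(family, api_set, code)


def affinity(sample: Sample, feature: MASFeature) -> float:
    """Fraction of the family feature recovered in the sample, averaged over both parts."""
    api_hit = len(feature.api_set & sample.apis) / len(feature.api_set) if feature.api_set else 0.0
    grams = opcode_ngrams(sample.opcodes)
    code_hit = (len(feature.code_segments & grams) / len(feature.code_segments)
                if feature.code_segments else 0.0)
    return (api_hit + code_hit) / 2


def classify(sample: Sample, library: Sequence[MASFeature],
             threshold: float = THRESHOLD) -> Tuple[Optional[str], float]:
    """Best-matching family if its affinity clears the threshold, else (None, score)."""
    best = max(library, key=lambda f: affinity(sample, f))
    score = affinity(sample, best)
    return (best.family if score >= threshold else None), score


# --- constructed training corpus: two families, two members each -------------
_KL_CORE = ("push", "mov", "call", "test", "jz", "mov", "lea", "call", "cmp", "jne", "ret")
_DL_CORE = ("push", "lea", "call", "test", "jz", "push", "call", "ret")

TRAINING: Dict[str, List[Sample]] = {
    "keylogger": [
        Sample("kl-a", frozenset({"SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile",
                                  "InternetOpenA", "HttpSendRequestA", "GetModuleHandleA"}),
               ("nop",) + _KL_CORE + ("xor", "inc", "jmp")),
        Sample("kl-b", frozenset({"SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile",
                                  "InternetOpenA", "HttpSendRequestA", "VirtualAlloc"}),
               ("push", "push") + _KL_CORE + ("pop", "ret")),
    ],
    "downloader": [
        Sample("dl-a", frozenset({"URLDownloadToFileA", "WinExec", "CreateFileA", "GetTempPathA", "ExitProcess"}),
               _DL_CORE + ("int3",)),
        Sample("dl-b", frozenset({"URLDownloadToFileA", "WinExec", "CreateFileA", "GetTempPathA", "Sleep"}),
               ("nop",) + _DL_CORE),
    ],
}

# Unseen variant of the keylogger family: one API swapped to its W form, one extra
# import, and a nop inserted inside the shared code core (breaks two 3-grams).
VARIANT = Sample("kl-variant",
                 frozenset({"SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile",
                            "InternetOpenA", "HttpSendRequestW", "LoadLibraryA"}),
                 ("mov", "xor", "push", "mov", "call", "test", "jz", "nop",
                  "mov", "lea", "call", "cmp", "jne", "ret"))

# Benign program that shares two generic file APIs and two code grams with the family.
BENIGN = Sample("editor",
                frozenset({"CreateFileA", "WriteFile", "ReadFile", "MessageBoxA", "GetModuleHandleA"}),
                ("push", "mov", "call", "ret", "push", "mov", "lea", "call", "ret"))


def build_library() -> List[MASFeature]:
    """Feature library built once from the training corpus, in family order."""
    return [extract_mas(fam, members) for fam, members in TRAINING.items()]


if __name__ == "__main__":
    lib = build_library()
    for f in lib:
        print(f"{f.family}: {len(f.api_set)} shared APIs, {len(f.code_segments)} shared code segments")
    for s in (VARIANT, BENIGN):
        print(s.name, "->", classify(s, lib))
```

Run as a script, the library is built once from the two families and never touched again; the unseen variant still scores about 0.81 against the keylogger feature (5 of 6 APIs, 7 of 9 code segments), while the benign editor scores about 0.28 and is rejected. Lowering the threshold to 0.25 flags the editor as a keylogger, which is the trade-off the abstract reports: generic system functions such as CreateFileA and WriteFile survive the intersection and inflate benign overlap, so the single generic feature per family buys library stability at the cost of a somewhat higher false-positive rate.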
[Degree-granting institution] University of Electronic Science and Technology of China (電子科技大學)
[Degree level] Master's
[Year awarded] 2014
[Classification code] TP393.08
[References]
Related journal articles (9)
1. Cui Peng. Research on a semantics-based heuristic virus detection engine. 常熟理工學院學報 (Journal of Changshu Institute of Technology), 2008(10).
2. Chen Juanying, Fan Mingyu, Wang Guangwei. A kinship-based malicious code analysis method. 信息安全與技術 (Information Security and Technology), 2014(01).
3. Zhang Xiaokang, Shuai Jianmei, Shi Lin. A malicious code detection method based on weighted information gain. 計算機工程 (Computer Engineering), 2010(06).
4. Han Lansheng, Zou Mengsong, Liu Qiwen, Liu Ming. Virus behaviour detection with multi-class support vector machines. 計算機應用 (Journal of Computer Applications), 2010(01).
5. Wu Danfei, Wang Chungang, Hao Xingwei. Research on metamorphic techniques of malicious code. 計算機應用與軟件 (Computer Applications and Software), 2012(03).
6. Jiang Xiaoxin, Duan Haixin. A rule for detecting packed PE files. 計算機工程 (Computer Engineering), 2010(14).
7. Shen Chengdong, Song Bomin. Research on malicious code detection techniques. 網絡安全技術與應用 (Network Security Technology & Application), 2012(04).
8. Jin Ran, Wei Qiang, Wang Qingxian. Detecting metamorphic malicious code with abstract features. 小型微型計算機系統 (Journal of Chinese Computer Systems), 2009(02).
9. Yuan Shenfang. Analysis techniques for malicious code. 科技創新導報 (Science and Technology Innovation Herald), 2012(03).
Related master's theses (1)
1. Zhang Haipeng. Behaviour analysis of malicious code [master's thesis]. 南京郵電大學 (Nanjing University of Posts and Telecommunications), 2013.
Record number: 1886136
Link: http://sikaile.net/guanlilunwen/ydhl/1886136.html