Abstract
Most mainstream malicious-code detection software relies on signature scanning to detect known malicious code. Malicious samples are hard to collect, however, and because signatures can usually only be extracted manually by specialists, the approach is inefficient and inherently reactive. To address these deficiencies of signature scanning, this paper proposes an active defense system based on behavior analysis. The system uses two mechanisms, process scoring and composite-behavior analysis, to decide whether an executing program is malicious: it assigns scores to processes, files, registry values and other objects, and it monitors, automatically analyzes and diagnoses process behavior and key system resources. In this way the system effectively resists intrusion by unknown viruses and unknown attacks and safeguards the security of the terminal system.
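As an added illustration (not code from the paper), a small Python sketch of the two mechanisms the abstract names: weights on single process, file and registry behaviors, plus composite rules that add a bonus when several behaviors occur in one process; all weights, event names, thresholds and sample events are constructed.

```python
# Added example, not from the paper: a minimal behaviour-scoring engine in the
# spirit of the process-scoring and composite-behaviour mechanisms the abstract
# describes. Weights, rule names and event records are all constructed.
from collections import defaultdict

# Weight of each single behaviour observed on process, file or registry resources.
EVENT_WEIGHTS = {
    "file_write_system_dir": 30,   # drops a file under a system directory
    "registry_autorun_set": 40,    # adds an auto-start registry value
    "process_inject": 50,          # writes into another process's memory
    "file_write_user_dir": 5,      # ordinary document saving
    "network_connect": 10,
}

# Composite behaviours: several single events that, seen together in one
# process, mean more than their sum, so they add a bonus score.
COMPOSITE_RULES = {
    "persist_via_registry": ({"file_write_system_dir", "registry_autorun_set"}, 40),
    "inject_and_connect": ({"process_inject", "network_connect"}, 30),
}
MALICIOUS_THRESHOLD = 100

def score_processes(events):
    """events: iterable of (pid, kind). Returns {pid: (score, [fired rules])}."""
    seen, scores = defaultdict(set), defaultdict(int)
    for pid, kind in events:
        scores[pid] += EVENT_WEIGHTS.get(kind, 0)   # unknown kinds score 0
        seen[pid].add(kind)
    result = {}
    for pid, kinds in seen.items():
        fired = [name for name, (needed, _) in COMPOSITE_RULES.items()
                 if needed <= kinds]
        bonus = sum(COMPOSITE_RULES[name][1] for name in fired)
        result[pid] = (scores[pid] + bonus, fired)
    return result

def classify(events):
    """Map each pid to 'malicious' or 'benign' by comparing its score to the threshold."""
    return {pid: ("malicious" if score >= MALICIOUS_THRESHOLD else "benign")
            for pid, (score, _) in score_processes(events).items()}

# Constructed sample: pid 1001 behaves like a document editor, pid 2002 like a
# dropper that installs itself and persists through the registry.
SAMPLE_EVENTS = [
    (1001, "file_write_user_dir"), (1001, "network_connect"),
    (2002, "file_write_system_dir"), (2002, "registry_autorun_set"),
    (2002, "network_connect"),
]
```

Running `classify(SAMPLE_EVENTS)` labels pid 1001 benign (score 15) and pid 2002 malicious (80 from single events plus a 40 composite bonus).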