èŠ‚ç‚¹æ–‡çŒ®

åƒµå°¸å·¥å…·ç±»æ¶æ„ä»£ç çš„æ£€æµ‹ç ”ç©¶

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ é™ˆå…†å†²ï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ ç”µåç§‘æŠ€å¤§å¦ ï¼Œ ä¿¡æ¯ä¸Žé€šä¿¡å·¥ç¨‹ï¼Œ 2009ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ éšç€äº’è”ç½‘æŠ€æœ¯åŠåº”ç”¨çš„ä¸æ–å‘å±•,ä¼ä¸šå’Œç”¨æˆ·é¢ä¸´ç€è¶Šæ¥è¶Šå¤šçš„ä¿¡æ¯å®‰å…¨é—®é¢˜ã€‚è¿‘å¹´æ¥,ç‰¹åˆ«æ˜¯æ¶æ„ä»£ç åœ¨ç½‘ç»œä¸çš„æ³›æ»¥,å¯¹ç½‘ç»œå®‰å…¨é€ æˆäº†å¾ˆå¤§çš„å¨èƒ,ä¹Ÿé€ æˆäº†å¾ˆå¤§çš„ç»æµŽæŸå¤±ã€‚ç‰¹åˆ«æ˜¯åƒµå°¸å·¥å…·ç±»çš„æ¶æ„ä»£ç èžåˆäº†è®¸å¤šç—…æ¯’,æœ¨é©¬,è •è™«çš„ç‰¹æ€§,å¹¶ä¸”å¯ä»¥æŽ¥å—æ”»å‡»è€…çš„æŽ§åˆ¶å‘½ä»¤,æŽ§åˆ¶æˆåƒä¸Šä¸‡å°ä¸»æœºåŒæ—¶å‘ä¸€ä¸ªç›®æ ‡å‘åŠ¨æ”»å‡»,å¯¹å®‰å…¨çš„å¨èƒæžå¤§ã€‚è¿™ç±»æ¶æ„ä»£ç ä¹Ÿå¼•èµ·äº†ç½‘ç»œå®‰å…¨é¢†åŸŸçš„å¹¿æ³›å…³æ³¨ã€‚æœ¬æ–‡é’ˆå¯¹æ¶æ„ä»£ç çš„å®‰å…¨å¨èƒå’Œå½“å‰æ£€æµ‹æŠ€æœ¯å˜åœ¨çš„é—®é¢˜,æå‡ºäº†åŸºäºŽBPç½‘ç»œçš„æ¶æ„ä»£ç è¡Œä¸ºç‰¹å¾æ£€æµ‹æ–¹æ³•ã€‚è¯¥æ–¹æ³•å¼¥è¡¥äº†å½“å‰æ£€æµ‹æ–¹æ³•å˜åœ¨çš„ä¸€äº›é—®é¢˜,åŒ…æ‹¬ç‰¹å¾ç åŒ¹é…æ£€æµ‹æ–¹æ³•ä¸èƒ½æ£€æµ‹æœªçŸ¥æ¶æ„ä»£ç ,è¡Œä¸ºåˆ†æžæ–¹æ³•ä¸èƒ½æœ‰æ•ˆåˆ¤æ–æ¶æ„ä»£ç ,ä»¥åŠæ¨¡å¼è¯†åˆ«æ–¹æ³•ä¼šéé‡ä¸€äº›åæ£€æµ‹æ–¹æ³•çš„å½±å“ã€‚ç„¶åŽåˆ©ç”¨è¿™ç§æ–¹æ³•å®žçŽ°äº†æ¶æ„ä»£ç æ£€æµ‹ç³»ç»Ÿ,æœ€åŽæµ‹è¯•äº†æ£€æµ‹æ¶æ„ä»£ç æ ·æœ¬çš„å‡†ç¡®æ€§ã€‚æœ¬æ–‡åœ¨æ–¹æ³•ç ”ç©¶å’Œç³»ç»Ÿå®žçŽ°è¿‡ç¨‹ä¸å®Œæˆäº†ä»¥ä¸‹å·¥ä½œ:(1)æ”¶é›†äº†å¤§é‡çš„åƒµå°¸å·¥å…·ç±»ä»¥åŠå…¶ä»–ç±»åž‹æ¶æ„ä»£ç çš„æ ·æœ¬ã€‚ç ”ç©¶äº†æ¶æ„ä»£ç çš„æ ·æœ¬æ”¶é›†æŠ€æœ¯,å¹¶æå»ºæ ·æœ¬æ”¶é›†å¹³å°æ¥æ”¶é›†æ¶æ„ä»£ç æ ·æœ¬,ç„¶åŽå»ºç«‹æ¶æ„ä»£ç ç‰¹å¾åº“ã€‚(2)é‡ç‚¹åˆ†æžäº†å‡ ç§å…¸åž‹çš„åƒµå°¸å·¥å…·æ ·æœ¬,å¯¹äºŽå…¶ä»–ç±»åž‹çš„æ¶æ„ä»£ç ä¹Ÿåšäº†ä¸€äº›åˆ†æž,å¹¶æŒ‰ç…§æ¶æ„ä»£ç çš„è¡Œä¸ºåœ¨ä¼ æ’,æŽ§åˆ¶,æ”»å‡»ç‰å„ä¸ªé˜¶æ®µçš„ç‰¹å¾è¿›è¡Œåˆ†ç±»åˆ†æž,å¹¶å»ºç«‹åŸºäºŽè‡ªåŠ¨çŠ¶æ€æœºçš„æ¶æ„ä»£ç ç‰¹å¾æ¨¡åž‹ã€‚(3)ç ”ç©¶BPç½‘ç»œå’Œæœºå™¨å¦ä¹ çš„æ–¹æ³•,å¯¹åˆ†æžå‡ºæ¥çš„åƒµå°¸å·¥å…·ç‰¹å¾è¿›è¡Œå®šä¹‰å’Œé‡åŒ–,ç„¶åŽè®¾è®¡å‡ºé’ˆå¯¹æ¶æ„ä»£ç æ£€æµ‹çš„BPç½‘ç»œç»“æž„ã€‚è¾“å…¥å¦ä¹ æ ·æœ¬è®©æ£€æµ‹ç½‘ç»œè¿›è¡Œå¦ä¹ ,å¾—å‡ºç†æƒ³çš„ç½‘ç»œæ¨¡åž‹ã€‚è¯¥æ¶æ„ä»£ç ç›‘æµ‹ç½‘ç»œé™¤äº†å¯ä»¥æ£€æµ‹å‡ºåƒµå°¸å·¥å…·ç±»æ¶æ„ä»£ç ä»¥å¤–,è¿˜å¯ä»¥å¯¹ä¸€éƒ¨åˆ†æœ¨é©¬å’Œè •è™«è¿›è¡Œæ£€æµ‹ã€‚(4)æ ¹æ®ä¸Šè¿°çš„ç ”ç©¶ç»“æžœè®¾è®¡æ¶æ„ä»£ç çš„æ£€æµ‹ç³»ç»Ÿ,å®žçŽ°äº†æ¶æ„ä»£ç çš„åˆ†ç±»å’Œè¯†åˆ«åŠŸèƒ½ã€‚åœ¨æ¶æ„ä»£ç æ£€æµ‹ç³»ç»Ÿçš„å®žçŽ°ä¸,è§£å†³äº†2ä¸ªå…³é”®çš„é—®é¢˜,åˆ†æžæ ·æœ¬åœ¨è¿è¡Œè¿‡ç¨‹ä¸å¯¹ç³»ç»Ÿå½±å“çš„è¡Œä¸ºç‰¹å¾,ä»¥åŠæ•èŽ·æ ·æœ¬åœ¨ç½‘ç»œä¼ è¾“ä¸çš„æŽ§åˆ¶ä¿¡æ¯å’Œæ”»å‡»ä¿¡æ¯ã€‚è¯¥ç³»ç»Ÿä¸»è¦å®žçŽ°äº†è¡Œä¸ºç›‘æŽ§,ç½‘ç»œç›‘æŽ§å’Œç³»ç»Ÿæ¢å¤è¿™ä¸‰ä¸ªæ¨¡å—ã€‚å¯¹æ¶æ„ä»£ç ç³»ç»Ÿè¿›è¡ŒåŠŸèƒ½æµ‹è¯•,æµ‹è¯•æ ·æœ¬æ£€æµ‹çš„å‡†ç¡®çŽ‡,å¹¶è¿›è¡Œç»“æžœåˆ†æžã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ With the popularization and application of computers and networks, enterprises and users are faced with a growing number of security issues. Recently, more and more malicious code which spread in the network, has a great threat in network security, and caused great economic losses. Bot integrate of a number of viruses, trojans, worms characteristics, and accept the control command, control thousands of hosts to simultaneously attack a target. It has a great threat to security. This type of malicious code has aroused widespread concern in the field of network security.To response security threats of malicious code and current detection technology problems, the paper proposed the malicious code detection method which based on behavioral characteristics BP network. The method make up such problems which exist in current detection methods, such as signature matching detection method should not detect unknown malicious code, behavior analysis methods can not effectively judge the malicious code, and pattern recognition methods encounter some anti-detection methods. Then, the paper implements the malicious code detection system with such method. Finally, test the samples detection.In this paper, the work in research method and implement system such as:(1) Many types of bot and other types of malicious code samples are collected. The techniques of collect malicious code samples are studied and the sample collection platform is built. Then the malicious code samples database is set up.(2) Several typical bot samples and some other types of malicious code are analysis. Some behavior characteristics at the stages of spread control and attacks are collected. Final state machine feature model are set up.(3) BP network and machine learning methods are researched. The behavior characteristics of bot are defined and quantified. Then the BP network structure of detection is designed and input samples to allow detection of the network study, and get an ideal network model. The model not only can detect bot, but also can detect trojans and worms.(4)Malicious code detection system is designed based on the above findings. The main function of system is malicious code classification and recognition. There are two key questions that are solved in our system. One is analysis samplesâ€™behavior which impact on the system. The other is capture samplesâ€™control information and attack information at the network transmission. The three modules are implemented in our system, include conduct monitor, network monitor and system restore. The function of the detect system is test, the accuracy of samples detect is test, and the result of test is analysis.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ æ¶æ„ä»£ç ï¼› åƒµå°¸å·¥å…·ï¼› åƒµå°¸ç½‘ç»œï¼› BPç½‘ç»œï¼› è¡Œä¸ºç‰¹å¾ï¼› æ£€æµ‹ï¼›
ã€Key wordsã€‘ malicious codeï¼› botï¼› botnetï¼› BP networkï¼› behavior characterï¼› detectionï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ ç”µåç§‘æŠ€å¤§å¦

ã€åˆ†ç±»å·ã€‘TP393.08
ã€è¢«å¼•é¢‘æ¬¡ã€‘2
ã€ä¸‹è½½é¢‘æ¬¡ã€‘218
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

åƒµå°¸å·¥å…·ç±»æ¶æ„ä»£ç çš„æ£€æµ‹ç ”ç©¶

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

åƒµå°¸å·¥å…·ç±»æ¶æ„ä»£ç çš„æ£€æµ‹ç ”ç©¶