
Research and Implementation of a Malicious Code Detection System Based on Heuristic Algorithms

The Research and Realization of Unwanted Code Monitoring System Based on Heuristic Algorithm

【Author】 雷迟骏

【Supervisors】 王海艳; 王汝传

【Author information】 南京邮电大学 (Nanjing University of Posts and Telecommunications), Computer Software and Theory, 2012, Master's thesis

【Abstract (translated from the Chinese)】 With the development of computer technology, and of computer networks in particular, malicious code has kept evolving. The number of malicious code samples has grown geometrically compared with the past. Traditional malicious code appeared almost exclusively as viruses, whereas today it takes many forms, such as worms, viruses, Trojans and malicious plug-ins. Functionally, traditional malicious code was usually single-purpose and mostly destroyed data, whereas current malicious code also steals and tampers with data, and protects itself with a large number of anti-debugging, anti-tracing and anti-detection techniques. The harm that malicious code does to computing is therefore increasingly evident, and detection is increasingly difficult. For detection, traditional anti-virus software relies solely on matching binary signatures. Because this method requires the binary signature of the malicious code, it fails completely once the code alters its binary signature, for example by encrypting itself. Traditional anti-virus software is no longer equal to current malicious code. Building on the basic theory and key techniques of pattern matching algorithms, heuristic scanning algorithms and virtual machine technology, this thesis studies the shortcomings of the pattern matching algorithms used in current malicious code detection engines and proposes an improved scheme. In addition, based on research into a behavioural-feature engine built on heuristic scanning and virtual machine technology, it builds a prototype of a new malicious code detection method that combines binary signature matching, behavioural feature matching and cloud-based detection. The results make more effective use of system resources and take full advantage of network resources to resist malicious code intrusion, which is of positive significance for maintaining a healthy Internet environment and building a harmonious online society.

【Abstract (original English)】 Nowadays, with the development of computer technology, especially computer networks, malicious code is constantly developing. The amount of malicious code has grown exponentially compared with the past. Traditional malicious code was basically in the form of viruses, but current malicious code comes in all kinds of forms, such as worms, viruses, Trojan horses and malicious plug-ins. From a functional point of view, traditional malicious code generally did one thing, mostly data destruction, whereas current malicious code also steals and tampers with data and uses a large number of anti-debugging, anti-tracing and anti-detection techniques to protect itself. Evidently, the harm that malicious code does to computers has become increasingly significant, and detecting it has become more and more difficult. To detect malicious code, traditional anti-virus software uses only binary signature matching. Since this method must obtain the binary signature of the malicious code, once the malicious code changes its signature by encrypting its binary, the method fails completely. Traditional anti-virus software seems powerless against current malicious code. Building on an explanation of the basic theory and key technology of pattern matching algorithms, heuristic scanning algorithms and virtual machine technology, the thesis researches the shortcomings of the pattern matching algorithms of current malicious code detection engines and puts forward an improved method.
In addition, based on research into heuristic algorithms and a behaviour-matching engine that uses virtual machine technology, the thesis sets up a prototype system that combines binary signature matching, behavioural feature matching and cloud-based detection. This research can make more effective use of system resources and full use of network resources to defend against malicious code intrusion and maintain a healthy Internet environment, and thus makes a positive contribution to creating a harmonious network society.
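The failure mode the abstract describes (a signature engine defeated simply by encrypting the payload) and the combination it argues for (signature matching backed by a heuristic engine that scores static features) are shown below as an added, self-contained Python illustration. This is not the thesis's prototype or any of its algorithms: the signature database, the packer stub format, the toy SHA-256 counter-mode keystream, the feature weights and both thresholds are constructed here for the example. The Win32 API names are real, but the scores attached to them are ours. The thesis's virtual-machine behaviour engine and its cloud lookup are not modelled; only the static heuristic side is.

```python
"""Constructed demo: signature matching fails once a sample is encrypted, while a
static heuristic engine still scores it. Illustration only, not the thesis's code."""
import hashlib
import math
from collections import Counter

# Constructed "signature database" (illustrative bytes, not real AV data).
SIGNATURES = {
    "Trojan.Demo.Injector": b"DEMO-INJECTOR-PAYLOAD-v1",
}

# Real Win32 API names that static heuristics commonly weight; the weights are ours.
INJECTION_APIS = (b"CreateRemoteThread", b"WriteProcessMemory", b"VirtualAllocEx")
LOADER_APIS = (b"VirtualAlloc", b"VirtualProtect")  # what a self-decrypting stub needs
ENTROPY_THRESHOLD = 7.0      # bits/byte; plain x86 code and text sit well below this
SUSPICIOUS_THRESHOLD = 4     # assumed cut-off for the "suspicious" verdict

PACKER_STUB = b"STUB\x00VirtualAlloc\x00VirtualProtect\x00"  # constructed loader stub


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte of the empirical byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(seed: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode. Deterministic, for the demo only."""
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def pack(payload: bytes, seed: bytes) -> bytes:
    """Mimic a crypter: plaintext loader stub followed by the XOR-encrypted payload."""
    body = bytes(p ^ k for p, k in zip(payload, keystream(seed, len(payload))))
    return PACKER_STUB + body


def match_signatures(data: bytes) -> list[str]:
    """The traditional engine: exact byte-pattern search."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


def heuristic_score(data: bytes) -> tuple[int, list[str]]:
    """Static heuristic engine: additive score over suspicious features."""
    score, reasons = 0, []
    ent = shannon_entropy(data)
    high_entropy = ent >= ENTROPY_THRESHOLD
    if high_entropy:
        score += 3
        reasons.append(f"high entropy {ent:.2f} bits/byte (packed or encrypted)")
    # Loader APIs sitting next to a high-entropy body look like a decryptor stub.
    if high_entropy and all(api in data for api in LOADER_APIS):
        score += 2
        reasons.append("VirtualAlloc+VirtualProtect beside encrypted body (decryptor stub)")
    for api in INJECTION_APIS:
        if api in data:
            score += 2
            reasons.append(f"process-injection API {api.decode()}")
    return score, reasons


def scan(data: bytes, use_heuristics: bool = True) -> dict:
    """Signature engine first; the heuristic engine only runs when enabled."""
    sig_hits = match_signatures(data)
    if sig_hits:
        return {"verdict": "malicious", "signatures": sig_hits, "score": 0, "reasons": []}
    if not use_heuristics:
        return {"verdict": "clean", "signatures": [], "score": 0, "reasons": []}
    score, reasons = heuristic_score(data)
    verdict = "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean"
    return {"verdict": verdict, "signatures": [], "score": score, "reasons": reasons}


# Constructed samples: a fake malware image (zero padding, an import-like string
# table and the bytes our database knows), its packed form, a benign image, and
# random bytes standing in for a compressed archive (high entropy, nothing else).
MALWARE = (b"MZ" + b"\x00" * 2000
           + b"\x00".join(INJECTION_APIS + (b"LoadLibraryA", b"GetProcAddress"))
           + b"\x00" * 1500 + SIGNATURES["Trojan.Demo.Injector"] + b"\x00" * 500)
PACKED_MALWARE = pack(MALWARE, b"demo-key")
BENIGN = b"MZ" + b"\x00" * 3000 + b"GetProcAddress\x00MessageBoxA\x00" + b"\x00" * 1000
BENIGN_COMPRESSED = keystream(b"archive", 4096)

if __name__ == "__main__":
    for name, sample in [("plain", MALWARE), ("packed", PACKED_MALWARE),
                         ("benign", BENIGN), ("compressed", BENIGN_COMPRESSED)]:
        print(f"{name:>10}: signature-only={scan(sample, False)['verdict']:<9} "
              f"combined={scan(sample)['verdict']:<10} {scan(sample)['reasons']}")
```

Running the script shows the two points the abstract makes: the plain sample is caught by its signature, the packed sample is reported clean by the signature-only engine because the known bytes no longer exist in the file, and the heuristic engine still flags it from the entropy of the body plus the loader APIs in the stub. The random "archive" keeps the entropy rule from firing alone, which is why the stub rule and the threshold exist; a heuristic engine is a trade-off between coverage of packed samples and false positives on legitimately compressed or encrypted data.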
