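A hidden malicious code anomaly detection method using dynamic control-flow path analysis |
| |
Authors: | 潘剑锋 (PAN Jian-Feng) 刘守群 (LIU Shou-Qun) 奚宏生 (XI Hong-Sheng) 谭小彬 (TAN Xiao-Bin) |
| |
Affiliation: | Department of Automation, University of Science and Technology of China, Hefei 230027 |
| |
Funding: | Supported by the National "863" Program (2006AA01Z449) |
| |
Abstract: | A method for detecting hidden malicious code based on dynamic control-flow path analysis is proposed. The method first selects, in a targeted way, the sensitive paths related to malicious code and dynamically records the control-flow paths of their execution; it then analyzes the collected data with an anomaly detection algorithm based on call-hierarchy tree matching, thereby finding hidden malicious code in the system. Experimental results show that the method detects hidden malicious code effectively, with a high detection rate and a low false-positive rate, and is suitable for detecting hidden malicious code inside computer operating systems.
|
Keywords: | malicious code; anomaly detection; dynamic control flow; call tree edit distance |
Received: | 2009-06-15 |
Revised: | 2009-07-26 |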
A method for hidden malcode anomaly detection using dynamic control-flow analysis |
| |
Authors: | PAN Jian-Feng LIU Shou-Qun XI Hong-Sheng TAN Xiao-Bin |
| |
Affiliation: | Department of Automation, University of Science and Technology of China, Hefei 230027, China |
| |
Abstract: | The present study proposes a method for hidden malcode detection based on the analysis of dynamic control flow. First, the malcode-related control-flow paths of a program are recorded; these paths are then analyzed with a call tree matching algorithm to detect hidden malcode in the system. The experiments show that this method detects hidden malcode efficiently, with a high detection rate and a low false-positive rate, and thus it can be applied to malcode detection on operating systems. |
| |
Keywords: | malcode; anomaly detection; dynamic control-flow; call tree edit distance |
This article is indexed in CNKI and other databases. |