| 基于差异对比法的文件可疑通信行为检测 |
| |
| 引用本文: | 钟明全,唐彰国,李焕洲,张健.基于差异对比法的文件可疑通信行为检测[J].计算机应用,2010,30(1):210-212. |
| |
| 作者姓名: | 钟明全 唐彰国 李焕洲 张健 |
| |
| 作者单位: | 四川师范大学物理与电子工程学院 |
| |
| 摘 要: | 针对恶意程序对计算机用户造成的危害以及其数量上的快速增长,提出了一种基于文件网络通信行为数据的检测系统。重点介绍了基于差异对比法的可疑通信行为检测模型,给出了系统各模块协同工作流程图以及系统中关键技术的实现代码。测试结果表明,该系统具备通信检测、通信进程检测和域名信息检测功能。
|
| 关 键 词: | 恶意程序 网络驱动 通信检测 服务提供者接口 |
| 收稿时间: | 2009-07-07 |
| 修稿时间: | 2009-08-05 |
Detection of suspicious communication behavior of one program based on method of difference contrast |
| |
| ZHONG Ming-quan,TANG Zhang-guo,LI Huan-zhou,ZHANG Jian.Detection of suspicious communication behavior of one program based on method of difference contrast[J].journal of Computer Applications,2010,30(1):210-212. |
| |
| Authors: | ZHONG Ming-quan TANG Zhang-guo LI Huan-zhou ZHANG Jian |
| |
| Abstract: | In allusion to the damage of baleful program for computer users and its fast growth in quantity,a detection system based on network communication behavior data of one program was proposed.A detection model of suspicious communication behavior based on difference contrast was emphasized.The cooperative work diagram of each module of the system and program code of critical technology of the system were given.The test result shows that the system can detect network communication,communication process and domai... |
| |
| Keywords: | baleful program network driver communication detection Service Provider Interface (SPI) |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
