
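Design and Implementation of a Multi-Agent-Based Malicious Code Behavior Capture Scheme
Authors: Sun Zhi-feng  Zhao Wen-tao  You Chao  Dong Bin
Affiliation: School of Computer Science, National University of Defense Technology, Changsha, Hunan 410073
Abstract: Capturing the behavior of malicious code is the basis for analyzing that behavior and for improving the ability to defend against malicious code. As malicious code techniques have developed, the structure of malicious code and its communication activity have become increasingly complex, so that traditional behavior capture techniques can no longer deal effectively with the attacks and damage malicious code causes. How to capture malicious code behavior more effectively has therefore become a research focus in the field of information security. To that end, this paper makes full use of the autonomy and adaptability of agents to collect the state information of the target system in real time and, on that basis, proposes a multi-agent scheme for capturing malicious code behavior. It analyzes the behavior capture process, describes the functional modules that make up the scheme, and implements the scheme on the Windows platform, providing a sound basis for subsequent analysis of and defense against malicious code.

Keywords: malicious code  multi-agent  behavior capture  behavior knowledge base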

A Design and Implementation of Behavior Capture System on Multi-Agent for Supporting Malware
Authors:Sun Zhi-feng  Zhao Wen-tao  You Chao  Dong Bin
Affiliation:(School of Computer Science, National University of Defense Technology, Changsha, Hunan 410073)
Abstract:Capturing the behavior of malicious code is the foundation of malicious code analyzing as well as improving the ability of defending against malicious code. With the development of technologies, malicious code is becoming more complex in structures and communication activities, making it difficult for traditional capturing technologies to deal effectively with the attacks and destructions brought by malicious codes. Therefore, how to capture the behavior of malicious code more effectively has become a hot topic in the field of information security now. In this paper, we propose a Multi-Agent scheme to capture malicious code behavior, which is based on real-time capture of the target system status information through making full use of the autonomy, adaptability of Agent. As well, the paper analyses the behavior capturing process, describes the components of the system, and makes an implementation on Windows, which provides a good basis for further analysis and researches on defending against malicious code.
Keywords:malicious code  multi-agent  behavior captured  feature extraction
This article is indexed in CNKI, VIP and other databases.