[1] CHEN Ke, KE Wen-de, WANG Ai-guo, et al. Research on Behavior Analysis System Based on Sandbox Technology [J]. Computer Technology and Development (计算机技术与发展), 2015, 25(08): 166-169.

Research on Behavior Analysis System Based on Sandbox Technology

Computer Technology and Development (计算机技术与发展) [ISSN: 1006-6977 / CN: 61-1281/TN]

Volume: 25
Issue: 2015, No. 08
Pages: 166-169
Column: Security and Prevention
Publication date: 2015-08-10

Article Info

Title:
 Research on Behavior Analysis System Based on Sandbox Technology
Article number:
1673-629X(2015)08-0166-04
Author(s):
 CHEN Ke (陈珂)[1], KE Wen-de (柯文德)[1], WANG Ai-guo (王爱国)[1], ZHENG Jie (郑捷)[1], ZHANG Liang-jun (张良均)[2]
Affiliations:
 1. Department of Computer Science and Technology, Guangdong University of Petrochemical Technology (广东石油化工学院); 2. Guangzhou Taipu Information Technology Co., Ltd. (广州太普信息技术有限公司)
Keywords:
 virtual execution; malicious executables detection; sandbox; behavior analysis
CLC number:
TP309
Document code:
A
Abstract:
 With the rapid growth of malicious programs, commonly used analysis techniques have hit a bottleneck. This paper surveys and analyzes the mainstream malware detection methods currently in use at home and abroad, applies several low-level HOOK techniques, and, using redirection in a low-level driver across files, the registry, the network, processes, threads and window messages, designs and builds an improved hybrid sandbox and behavior analyzer. The sandbox guarantees that a program cannot damage the real system while it runs, improves analysis efficiency, and allows continuous analysis without restoring the environment. The behavior analyzer records the program's sequence of function calls, uses risk levels to judge how dangerous the program is, applies an original behavior analysis algorithm to compute the program's risk level, automatically judges the degree of maliciousness through user-defined rules, and generates an analysis report at the same time, achieving automated analysis. Testing shows that the system achieves the expected functionality, effectively protects the real system, and accurately captures the behavior of malicious programs; its analysis results are valid.


Last Update: 2015-09-14