本文已被:浏览 1887次 下载 3280次
Received:January 03, 2010 Revised:April 02, 2010
Received:January 03, 2010 Revised:April 02, 2010
中文摘要: Linux恶意代码检测是Linux安全框架的一个重要组成部分。大多数现存的依照特征进行检测的方法通常落后于恶意代码的发展,已经不能满足日益迫切的安全需求,而基于行为的检测器往往需要高质量的恶意行为规范。使用了一种基于系统调用的自动挖掘规范技术,并在此基础上开发恶意代码的多执行路径,使其规范更详细更全面,从而提高检测器的检测率。
Abstract:The malware detection is one of the important parts in a secure Linux frame.Most existing malware detection methods are based on the signature and generally leave behind the development of the malware technology, which cannot meet the ever increaing needs of security. Behavior-based detectors require high-quality specifications of malicious behavior. This paper introduces an automatic technique to mine specifications of malicious behavior based on system calls and explores multiple execution paths for malware specifications, which helps the specifications to be more specific and more comprehensive, and improves the rate of detection of the behavior-based detectors.
文章编号: 中图分类号: 文献标志码:
基金项目:
Author Name | Affiliation |
LIU Lin-Shuang | 湖南大学 软件学院 湖南 长沙 410082 |
MIAO Li |
Author Name | Affiliation |
LIU Lin-Shuang | 湖南大学 软件学院 湖南 长沙 410082 |
MIAO Li |
引用文本:
刘琳爽,缪力.Linux系统中基于多路径的恶意行为规范挖掘.计算机系统应用,2010,19(9):168-172
LIU Lin-Shuang,MIAO Li.Mining Specifications of Malicious Behaviors Based on Multiple Paths in Linux.COMPUTER SYSTEMS APPLICATIONS,2010,19(9):168-172
刘琳爽,缪力.Linux系统中基于多路径的恶意行为规范挖掘.计算机系统应用,2010,19(9):168-172
LIU Lin-Shuang,MIAO Li.Mining Specifications of Malicious Behaviors Based on Multiple Paths in Linux.COMPUTER SYSTEMS APPLICATIONS,2010,19(9):168-172