| 基于“In-VM”思想的内核恶意代码行为分析方法 |
 点此下载全文 |
| 引用本文:马珂,刘任任,刘新.基于“In-VM”思想的内核恶意代码行为分析方法[J].计算技术与自动化,2014,(3):105-109 |
| 摘要点击次数: 1289 |
| 全文下载次数: 38 |
|
|
| 中文摘要:随着互联网的高速发展,网络安全威胁也越来越严重,针对恶意代码的分析、检测逐渐成为网络安全研究的热点。恶意代码行为分析有助于提取恶意代码特征,是检测恶意代码的前提,但是当前自动化的行为捕获方法存在难以分析内核模块的缺陷,本文针对该缺陷,利用虚拟机的隔离特点,提出了一种基于“In-VM”思想的内核模块恶意行为分析方法,实验表明该方法能够分析内核模块的系统函数调用和内核数据操作行为。 |
| 中文关键词:网络安全 虚拟机 恶意代码分析 内核模块 |
| |
| Analysis of Kernel-malware Behavior Based on “In-VM” |
|
|
| Abstract:With the rapid development of Internet, threats of network security have become increasingly serious. Malware analysis and detection have become a hot research topic. Malware behavior analysis helps to extract the characteristics of malicious code, is the premise of detecting malicious code, but at the current level of development,the automated capture method is difficult to analyze behaviors of kernel module. In order to solve this problem, this paper proposed a kernel modules malicious behavior analysis method based on “In-VM” , experimental results show that this method can analyze system calls and data manipulation of kernel modules . |
| keywords:network security virtual machine malware analysis kernel module |
| 查看全文 查看/发表评论 下载pdf阅读器 |
