Application Research of Computers (《计算机应用研究》)

Research on static and dynamic detection technology of network bad code (Chinese title: 动静结合的网络恶意代码检测技术研究)

Authors 邓兆琨, 陆余良, 黄钊
Affiliation National University of Defense Technology, Hefei 230037
Article ID 1001-3695(2019)07-051-2159-05
DOI 10.19734/j.issn.1001-3695.2018.01.0040
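Abstract Attacks against Internet servers often exploit unknown vulnerabilities in programs, and their techniques are continually updated, so updates to defensive technology often lag far behind the attacks themselves. This paper proposes a network data detection method that combines static and dynamic analysis: it optimizes the detection algorithm on the basis of traditional static analysis and introduces detection by dynamic simulated execution. The dual static and dynamic detection raises the recognition rate for malicious code and can detect and determine the maliciousness of code before it is passed to the actual protected program to run, which enables fast, automated updating of the defense system's policies, shortens policy update time, and improves the defensive effect. Based on this technique, an N-A detecting (network data detection) defense system was implemented, and experiments show that the system defends well against malicious code attacks on network programs.
Keywords malicious code; data detection; static analysis; dynamic execution; network data
Funding Supported by a Key Special Project of the National Key Research and Development Program of China (2017YFB0802905)
Article URL http://www.arocmag.com/article/01-2019-07-051.html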
Authors (English) Deng Zhaokun, Lu Yuliang, Huang Zhao
Affiliation (English) National University of Defense Technology, Hefei 230037, China
English abstract Attacks against Internet servers usually exploit unknown vulnerabilities in programs, and the attack methods are constantly being updated, so defensive measures often lag behind the attacks. To solve this problem, this paper presents a static and dynamic network data detection technology, which optimizes the detection algorithm on the basis of traditional static analysis and introduces dynamic simulation to improve the detection rate for malicious data. It can detect malicious data before the data are passed into the protected program, realizes automatic updating of the defense system's strategy, and improves the defense effect. Based on this technology, the paper implements an N-A (network data detection) defense system. According to the experimental results, this system can be used to prevent bad code attacks against network programs.
English keywords bad code; data detection; static analysis; dynamic operation; network data
Received 2018/1/22
Revised 2018/3/9
Pages 2159-2163
CLC number TP309.2
Document code A