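Affiliations: [1] School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044 [2] School of Computer, National University of Defense Technology, Changsha, Hunan 410073
Source: Journal of National University of Defense Technology, 2010, No. 1, pp. 101-106 (6 pages)
Funding: Supported by the National Key Basic Research and Development Program of China (2007CB311100)
Abstract: Cohen proved that no algorithm can precisely detect all possible computer viruses. MCDPM is a malicious code detection method based on a virtual behavior mechanism; its aim is to sidestep the limitation of Cohen's result and thereby achieve effective detection and prevention of malicious code. MCDPM splits the traditional code behavior process into two parts, virtual behavior occurrence and actual behavior occurrence, and achieves precise detection of code behavior by monitoring and analyzing the virtual behaviors and their results. Because MCDPM's analysis is built on the exact behavior of the code, its judgments are true and accurate. For non-malicious code, MCDPM can reflect the run results into the real system environment through the actual behavior occurrence function, keeping the system state consistent. MCDPM can be used to detect unknown malicious code and to provide trusted-source support for the trust transfer mechanism of trusted computing platform technology.
Cohen proved that there is no algorithm that can perfectly detect all possible viruses. Malicious Code Detection and Prevention Model (MCDPM) is a behavior-based malicious code detection mechanism, and its purpose is to get rid of the limitation of Cohen's findings. MCDPM disassembles program behaviors into virtual behavior parts and actual behavior parts, and monitors the virtual behaviors as well as the results of these behaviors. MCDPM determines whether an executable is malicious by analyzing the virtual behaviors of a program. Since the determination is made upon unchangeable program behaviors, it has a low false positive rate and a low false negative rate as well. For non-malicious programs, MCDPM applies the results of their behaviors to the real platform through the actual behavior function, so that the consistency of the system is assured. MCDPM is effective in detecting unknown malicious code, and it also supplies an accurate approach to clean the viruses in the system. MCDPM can also be used to provide assurance to the transitive trust mechanism in trusted computing platform technology.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]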