检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]北京邮电大学网络与信息攻防技术教育部重点实验室,北京100876 [2]公安部第一研究所,北京100048
出 处:《北京理工大学学报》2011年第5期567-571,共5页Transactions of Beijing Institute of Technology
基 金:国家"八六三"计划项目(2009AA01Z439)
摘 要:针对计算机木马判定困难的问题,提出了一种对行为序列进行多属性灰色模糊木马判定的方法.通过对计算机木马定性分析构建了木马攻击树,归纳了木马使用攻击树叶子节点方法实现不同功能的概率等级.使用基于木马行为的检测技术检测出主机包含网络通信、隐蔽运行、开机启动、自我防护四要素的所有行为序列,视这些行为序列为木马设计方案,使用模糊数量化定性指标,将灰色系统理论与模糊优选结合,计算各方案的木马灰色模糊的优属度,最后使用危险指数进行木马判定.应用示例表明该方法可以有效区分正常程序,检出木马程序.A multiple attribute grey fuzzy Trojan detecting method based on behavior sequence is proposed to solve the problems of Trojan detection. Through qualitative analysis, Trojan attack tree was constructed. The probability level, that Trojan can complete different functions by the method of using leaves node of attack tree, was summed up. Behavior sequences of Trojan, including network communication, hidden running, starting up after power on and self- protection, were considered as the designing scheme of Trojan. Then, by the combination of grey system theory and fuzzy optimization method, the grey fuzzy optimal degree for each Trojan scheme can be calculated with the use of quantized qualitative index of fuzzy number. At last, Trojan was detected by comparing grey fuzzy optimal degree with the dangerous index. The example shows that above method can effectively distinguish the Trojan from normal program.
关 键 词:木马检测 木马攻击树 行为序列 模糊数 灰色模糊优属度
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.3