AN IMPROVED ATTACK TREE-BASED TROJAN ANALYSIS AND DETECTION (original title: 一种改进的基于攻击树的木马分析与检测)

Cited by: 8


Authors: 牛冰茹 [1,2], 刘培玉 [1,2], 段林珊 [1,2]

Affiliations: [1] School of Information Science and Engineering, Shandong Normal University, Jinan, Shandong 250014, China; [2] Shandong Provincial Key Laboratory for Novel Distributed Computer Software Technology, Jinan, Shandong 250014, China

Source: Computer Applications and Software (《计算机应用与软件》), 2014, No. 3, pp. 277-280 and 330 (5 pages)

Funding: National Natural Science Foundation of China (60873247); Natural Science Foundation of Shandong Province (ZR2009GZ007; ZR2011FM030)

Abstract: A Trojan horse is a program that poses a potential threat and can harm a computer to varying degrees, so detecting and preventing Trojans is particularly important. The program's PE file is analysed to extract its API function call sequence, which is split into short sequences of length k and matched against an attack tree. The probability of occurrence and the malicious weight are then computed for every node of the attack tree, and finally the danger index of the event represented by the root node is computed to estimate how similar the program is to a Trojan, thereby judging the likelihood that the program is a Trojan or contains Trojan components, so that Trojan attacks can be detected and prevented accurately.
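To make the pipeline in the abstract concrete, here is an added Python illustration; it is not the authors' code. The attack tree, its node weights, the leaf API patterns, the two API call sequences and the rule for combining node values (a leaf "occurs" if its k-length short sequence appears in the program, AND nodes multiply their children, OR nodes take the maximum, and each node's value is scaled by its malicious weight) are all constructed assumptions chosen to show the steps, not the formulas of the paper.

```python
"""Illustrative attack-tree scoring of a program's extracted API call sequence.

Added example, not the paper's code: the tree, weights, patterns and the
AND/OR combination rule below are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple

Window = Tuple[str, ...]


def short_sequences(api_calls: Sequence[str], k: int) -> List[Window]:
    """Split an API call sequence into all overlapping short sequences of length k."""
    if k <= 0 or len(api_calls) < k:
        return []
    return [tuple(api_calls[i:i + k]) for i in range(len(api_calls) - k + 1)]


@dataclass
class Node:
    name: str
    weight: float                     # malicious weight in [0, 1] (assumed values)
    op: str = "LEAF"                  # "LEAF", "AND" or "OR"
    pattern: Optional[Window] = None  # leaf only: the k-length short sequence it stands for
    children: List["Node"] = field(default_factory=list)


def score(node: Node, windows: List[Window]) -> float:
    """Danger value of a node (assumed rule).

    Leaf: occurrence probability (1 if its short sequence appears, else 0) times weight.
    AND: product of the children's values times weight; OR: maximum of the children's
    values times weight. The root's value is used as the program's danger index.
    """
    if node.op == "LEAF":
        occurred = 1.0 if node.pattern in windows else 0.0
        return occurred * node.weight
    values = [score(c, windows) for c in node.children]
    if not values:
        return 0.0
    if node.op == "AND":
        combined = 1.0
        for v in values:
            combined *= v
    elif node.op == "OR":
        combined = max(values)
    else:
        raise ValueError(f"unknown node type {node.op!r}")
    return combined * node.weight


def danger_index(root: Node, api_calls: Sequence[str], k: int) -> float:
    """Danger index of the root event for a program's API call sequence."""
    return score(root, short_sequences(api_calls, k))


def matched_leaves(node: Node, windows: List[Window]) -> List[str]:
    """Names of the leaf short sequences found in the program, for an analyst's report."""
    if node.op == "LEAF":
        return [node.name] if node.pattern in windows else []
    return [n for c in node.children for n in matched_leaves(c, windows)]


# Constructed attack tree (structure, weights and patterns are assumptions).
K = 3
TREE = Node("trojan behaviour", 1.0, "OR", children=[
    Node("persistence", 0.8, "AND", children=[
        Node("registry autorun", 0.9,
             pattern=("RegOpenKeyExA", "RegSetValueExA", "RegCloseKey")),
        Node("self copy", 0.8,
             pattern=("GetModuleFileNameA", "CopyFileA", "SetFileAttributesA")),
    ]),
    Node("remote control", 1.0, "AND", children=[
        Node("network channel", 0.7, pattern=("socket", "connect", "send")),
        Node("remote shell", 0.9, pattern=("CreatePipe", "CreateProcessA", "ReadFile")),
    ]),
])

# Constructed API call sequences standing in for what PE analysis would extract.
SUSPECT_CALLS = ["GetModuleFileNameA", "CopyFileA", "SetFileAttributesA",
                 "RegOpenKeyExA", "RegSetValueExA", "RegCloseKey",
                 "socket", "connect", "send", "recv", "closesocket"]
BENIGN_CALLS = ["CreateFileA", "ReadFile", "WriteFile", "CloseHandle"]

if __name__ == "__main__":
    for label, calls in (("suspect", SUSPECT_CALLS), ("benign", BENIGN_CALLS)):
        windows = short_sequences(calls, K)
        print(label, "danger index:", round(danger_index(TREE, calls, K), 3),
              "matched:", matched_leaves(TREE, windows))
```

With these assumed values the suspect sequence scores 0.576: both persistence leaves occur (0.9 × 0.8, scaled by the node weight 0.8), while the "remote control" AND node drops to 0 because only its network leaf occurs; the benign sequence matches no leaf and scores 0. The `matched_leaves` report is what makes the index reviewable by an analyst rather than a bare number.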

Keywords: API short sequence; attack tree; danger index; Trojan detection

Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]
