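Affiliations: [1] Software School, Fudan University, Shanghai 200433; [2] Laboratory of Distributed and Parallel Systems, Shanghai Jiao Tong University, Shanghai 200240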
Source: Computer Applications and Software (《计算机应用与软件》), 2015, No. 8, pp. 261-265, 287 (6 pages)
Funding: National Natural Science Foundation of China project (61303011)
Abstract: With the development of smartphones, malicious behaviours in applications are also growing explosively on mobile platforms. When normal and malicious behaviours are mixed in the same application, existing permission schemes lack both a suitable granularity and sufficient information to tell the different behaviours apart. Authorising an application at the granularity of "application behaviour", with the context of each behaviour as the basis for the decision, can effectively separate an application's normal behaviours from its malicious ones. Based on this concept, we design and implement EventChain, a prototype system that can track and construct application behaviours and their contexts. Experiments show that the system detects the malicious behaviours in 89 malware samples from five malware families, including BgServ and FakePlayer, with a performance overhead of less than 10%.
Classification No.: TP391 [Automation and Computer Technology: Computer Application Technology]