检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:刘志永 王红凯[2] 李高磊[3] 伍军[3] 宿雅婷
机构地区:[1]北京国电通网络技术有限公司,北京100070 [2]国网浙江省电力公司信息通信分公司,浙江杭州310007 [3]上海交通大学电子信息与电气工程学院,上海200240
出 处:《计算机与现代化》2016年第3期105-110,共6页Computer and Modernization
基 金:国家电网科技项目(524681140009)
摘 要:分析可疑程序执行前后的主机状态变化,利用虚拟执行技术设计一种新型的基于主机特征的未知恶意程序动态识别系统。所有可疑程序被重定向到特定沙箱中执行,通过对沙箱中的文件、注册表、进程、服务和网络的实时监控与深度分析识别未知恶意程序,再根据其执行过程记录动态生成告警信息,从而保护真实环境文件不受篡改、破坏。实验表明,该系统能显著提高对未知恶意程序攻击的识别精度,从而高效防御智能电网遭受未知恶意程序的攻击。Characteristics of states changing before / after the execution of unknown malicious programs were analyzed,a novel host characteristics-based unknown malicious programs dynamic recognition system is developed by using virtual execution technology. All suspicious programs were redirected into the special sandbox and executed. The unknown malicious programs were recognized by real-timely monitoring and deeply analyzing files,regedits,processes,services and network systems of the virtual hosts in sandboxes. Next,according to the real-time records in the process of the execution of the unknown malicious programs,early warning strategies were produced to protect the files of the real-world scenarios from being altered or attacked. Experimental results show that the accuracy of this system for unknown malicious programs recognition has been improved significantly. Hence,it can high-efficiently prevent smart grid from being attacked by the unknown malicious programs.
关 键 词:智能电网 未知恶意程序 识别 虚拟执行 主机特征
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28