Authors: 段翼真 (Duan Yizhen) [1,2,3], 刘忠 (Liu Zhong) [1,3], 施展 (Shi Zhan) [4]
Affiliations: [1] Chengdu Institute of Computer Applications, Chinese Academy of Sciences, Chengdu, Sichuan 610041; [2] Beijing Institute of Computer Technology and Application, Beijing 100854; [3] University of Chinese Academy of Sciences, Beijing 100049; [4] School of Computer Science, Huazhong University of Science and Technology, Wuhan, Hubei 430074
Source: Journal of Huazhong University of Science and Technology (Natural Science Edition), 2016, No. 7, pp. 57-62 (6 pages)
Funding: National Defense Basic Scientific Research Program (B0420132604)
Abstract: To address the weak detect-and-kill capability, high resource consumption and vulnerability to attack of current host-based malware detection systems, a new malware defense system is proposed that combines cloud-based scanning, active defense and multi-agent coordination. The system moves the core detection and analysis functions into the cloud, where they are provided as a service, while the endpoint retains only basic agent functions such as security-state and behavior monitoring. A monitoring cloud formed by a massive number of agents quickly discovers unknown malware, and a detection and analysis cloud identifies it through distributed processing and the coordination of multiple scanning engines. To test the feasibility and effectiveness of the prototype system, comparative experiments against the traditional model were carried out on 6 835 malware samples: the system achieved a detect-and-kill success rate of 97.3% with CPU occupancy no higher than 29%. Compared with the traditional model, the new architecture offers higher detect-and-kill capability and lower endpoint resource consumption.
Classification: TP393.08 [Automation and Computer Technology: Computer Application Technology]