Authors: 胡嘉熙 (HU Jia-xi); 王轶骏 (WANG Yi-jun) [1]; 薛质 (XUE Zhi) [1] (School of Cyber Security, Shanghai Jiaotong University, Shanghai 200240, China)
Affiliation: [1] School of Cyber Security, Shanghai Jiaotong University, Shanghai 200240
Source: 《通信技术》 (Communications Technology), 2017, No. 12, pp. 2800-2806, 7 pages
Funding: National Key R&D Program of China, "Cyberspace Security" key special project (No. 2017YFB0803200)
Abstract: Malicious code today focuses increasingly on specific scenarios, such as banks, enterprise intranets, and the Internet of Things. What malicious code across these scenarios has in common is the need to bypass antivirus software and other defense systems. Based on a study of how antivirus software works and an analysis of a large number of malicious code samples, the paper proposes antivirus-evasion techniques including whitelisting, code obfuscation, and sandbox bypassing. Malicious code samples are repackaged using these techniques, and their evasion rates are tested on the VirusTotal platform. The test results show that the evasion techniques significantly reduce the detection rate of the malicious code samples, and that relying on antivirus software alone to fully defend against malicious code is unreliable.
Classification: TP393 [Automation and Computer Technology: Computer Application Technology]