Authors: 戚臻彦 (Qi Zhenyan), 孙永清 (Sun Yongqing) [1]
Affiliation: [1] The Third Research Institute of the Ministry of Public Security (公安部第三研究所), Shanghai 200030, China
Source: Cyber Security and Data Governance (《网络安全与数据治理》), 2023, No. 6, pp. 66-70 (5 pages)
Abstract: The "command filtering" function in operation and maintenance security devices (bastion hosts) can only block malicious code that appears in a blacklist; it cannot identify or stop commands that use special techniques to bypass the filter. To address this problem, this paper proposes a random-forest-based algorithm that accurately identifies command-execution statements containing malicious code. First, the paper introduces four command-obfuscation bypass methods that evade the keywords in the blacklist while still achieving command execution. Then, to counter these risks, command-obfuscation code is taken into account in the model's feature-selection stage: multiple features are used to train the random forest model and the feature weights are adjusted, improving the model's recognition rate and accuracy against command-obfuscation attacks. Experimental results show that the method can promptly identify and respond to command-obfuscation attacks, thereby better ensuring the secure operation of servers.
Classification: TP393 (Automation and Computer Technology: Computer Application Technology)
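The abstract's central point, that a literal keyword blacklist is defeated by command obfuscation and that a detector needs to normalize the command or score obfuscation-indicating features, can be shown concretely. The following Python is an added example, not code from the paper: it uses a constructed blacklist, four illustrative bash rewrites (empty-string insertion, variable indirection, ANSI-C hex quoting, base64 piping) chosen for this example rather than the four methods the paper describes, a small normalizer that undoes those four rewrites, and a surface-feature extractor of the kind a classifier such as the paper's random forest would consume. The `BLACKLIST` contents, the feature names and the sample command `rm -rf /tmp/x` are assumptions made for the example.

```python
import base64
import math
import re
from collections import Counter

# Constructed blacklist standing in for a bastion host's "command filter".
# Hypothetical entries, not taken from the paper.
BLACKLIST = ("rm -rf", "shutdown", "mkfs", "dd if=")


def blacklist_filter(cmd: str) -> bool:
    """Literal substring match, the behaviour the abstract criticises.
    Returns True when the command would be blocked."""
    return any(kw in cmd for kw in BLACKLIST)


def obfuscate_variants(cmd: str) -> dict:
    """Bash-equivalent rewrites of `cmd` in which the blacklist keyword no
    longer appears as a substring. Techniques chosen for this example; they
    are not the paper's four methods."""
    words = cmd.split()
    head, rest = words[0], " ".join(words[1:])
    return {
        # empty-string insertion: r""m -""rf  (bash concatenates adjacent strings)
        "quote_split": " ".join(w[0] + '""' + w[1:] for w in words),
        # variable indirection: __c=rm; $__c -rf ...
        "var_indirect": f"__c={head}; $__c {rest}",
        # ANSI-C quoting of the first word: $'\x72\x6d' -rf ...
        "ansi_c_hex": "$'" + "".join(f"\\x{ord(c):02x}" for c in head) + "' " + rest,
        # whole command base64-encoded and piped into a shell
        "base64_pipe": f"echo {base64.b64encode(cmd.encode()).decode()} | base64 -d | bash",
    }


def normalize(cmd: str) -> str:
    """Undo the four rewrites above so the literal keywords reappear. A real
    deobfuscator needs a proper shell parser; this only covers constructions
    produced by obfuscate_variants."""
    # base64 payload piped into sh/bash
    m = re.search(r"echo\s+([A-Za-z0-9+/=]+)\s*\|\s*base64\s+-d\s*\|\s*(?:ba)?sh", cmd)
    if m:
        try:
            cmd = base64.b64decode(m.group(1), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            pass
    # $'\xNN\xNN' ANSI-C quoted words
    cmd = re.sub(r"\$'((?:\\x[0-9a-fA-F]{2})+)'",
                 lambda mm: bytes.fromhex(mm.group(1).replace("\\x", "")).decode(),
                 cmd)
    # simple NAME=value; $NAME indirection
    for name, val in re.findall(r"\b(\w+)=(\S+);", cmd):
        cmd = cmd.replace(f"${name}", val).replace(f"{name}={val};", "").strip()
    # empty-string insertions inside words
    return cmd.replace('""', "").replace("''", "")


def features(cmd: str) -> dict:
    """Surface features of the raw command that obfuscation tends to inflate.
    These are the kind of inputs a classifier such as the paper's random
    forest is trained on; the particular set is this example's own choice."""
    n = max(len(cmd), 1)
    counts = Counter(cmd)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return {
        "len": len(cmd),
        "quotes": cmd.count('"') + cmd.count("'"),
        "dollars": cmd.count("$"),
        "backslashes": cmd.count("\\"),
        "pipes": cmd.count("|"),
        # long base64-alphabet run, typical of encoded payloads
        "b64_token": int(bool(re.search(r"[A-Za-z0-9+/]{16,}={0,2}", cmd))),
        "nonalnum_ratio": round(sum(not c.isalnum() and not c.isspace() for c in cmd) / n, 3),
        "entropy": round(entropy, 3),
    }


def detect(cmd: str) -> dict:
    """Two-stage check: the literal filter on the normalized command, plus the
    feature vector a trained classifier would score."""
    norm = normalize(cmd)
    return {"raw_blocked": blacklist_filter(cmd),
            "normalized": norm,
            "normalized_blocked": blacklist_filter(norm),
            "features": features(cmd)}


if __name__ == "__main__":
    target = "rm -rf /tmp/x"  # constructed sample command
    print(f"{target!r:48} raw filter blocks: {blacklist_filter(target)}")
    for name, variant in obfuscate_variants(target).items():
        r = detect(variant)
        print(f"{name:13} {variant!r:48} raw:{r['raw_blocked']!s:6} "
              f"normalized:{r['normalized_blocked']!s:6} entropy:{r['features']['entropy']}")
```

Every variant passes the raw substring filter and is caught once normalized; the feature vector shows why a learned model is still useful where normalization is incomplete, since quote counts, `$` expansions, backslashes and base64-like runs all rise sharply on the obfuscated forms even when the keyword itself is hidden.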