计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (11): 46-48.

• 研发、设计、测试 • 上一篇    下一篇

采用行为分析的单机木马防护系统设计与实现

王泽东1,2,刘 宇1,2,朱随江1,2,刘宝旭2,潘 林1,2   

  1. 1.中国科学院 研究生院,北京 100049
    2.中国科学院 高能物理研究所 计算中心,北京 100049
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-04-11 发布日期:2011-04-11

Design and implementation of Trojan horse protection system based on behaviors analysis

WANG Zedong1,2,LIU Yu1,2,ZHU Suijiang1,2,LIU Baoxu2,PAN Lin1,2   

  1. 1.Graduate University of Chinese Academy of Sciences,Beijing 100049,China
    2.Computing Center of Institute of High Energy Physics,Chinese Academy of Sciences,Beijing 100049,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-04-11 Published:2011-04-11

摘要: 针对基于特征代码的静态木马检测技术的不足,通过实时监控程序的可疑行为,运用贝叶斯算法分析程序行为特征进而发现木马程序,并对恶意木马程序的非授权操作进行修复,设计并实现了一个基于行为分析的单机木马防护系统。实验表明:该木马防护系统在对检测率影响较小的前提下,显著降低了误报率。

关键词: 行为分析, 贝叶斯算法, 木马, 防护

Abstract: Based on behaviors analysis,this paper designs and realizes a Trojan horse protection system for PC.The system overcomes the shortage of Trojan horse detection techniques which based on static feature code and monitors suspicious behavior of the program,using Bayesian algorithm for analysis of the program behavior characteristics,Trojan horse program will be killed once found.The system repairs the software damaged and protects operating system better.Experiments show that the Trojan horse protection system significantly reduces false positive rate,with few impact on detection rate.

Key words: behaviors analysis, Bayesian algorithm, Trojan horse, protection