UEFI malicious behavior detection model based on minimal attack tree

Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (32): 14-17.

Previous Articles Next Articles

UEFI malicious behavior detection model based on minimal attack tree

JIANG Zhengwei1，2, WANG Xiaozhen1，2, LIU Baoxu2

1.Graduate School，Chinese Academy of Sciences, Beijing 100049, China
2.Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China

Online:2012-11-11 Published:2012-11-20

基于最小攻击树的UEFI恶意行为检测模型

姜政伟1，2，王晓箴1，2，刘宝旭2

1.中国科学院研究生院，北京 100049
2.中国科学院高能物理研究所计算中心，北京 100049

Abstract

Abstract: The potential risk from source code, extension modules of Unified Extensible Firmware Interface（UEFI） and network is pointed out. The shortcomings of existing BIOS and UEFI malicious code detection methods are analyzed, UEFI attack tree and threat level are defined, a UEFI threats model database and malicious behavior character database are built together as an attack tree model with dynamic expansion, weighted minimal attack tree algorithm is designed for UEFI malicious behavior detection. The experimental results show the effectiveness and the expandability of this proposed model.

Key words: Unified Extensible Firmware Interface（UEFI）, malicious code, attack tree, security risk

摘要： 指出了UEFI中源代码、自身扩展模块及来自网络的安全隐患，分析了传统的BIOS与已有的UEFI恶意代码检测方法的不足，定义了结合UEFI平台特点的攻击树与威胁度，构建了动态扩展的威胁模型库与恶意行为特征库相结合的攻击树模型，设计了针对UEFI恶意行为检测的加权最小攻击树算法。实验证明了模型的有效性与可扩展性。

关键词: 统一可扩展固件接口, 恶意代码, 攻击树, 安全风险

JIANG Zhengwei1，2, WANG Xiaozhen1，2, LIU Baoxu2. UEFI malicious behavior detection model based on minimal attack tree[J]. Computer Engineering and Applications, 2012, 48(32): 14-17.

姜政伟1，2，王晓箴1，2，刘宝旭2. 基于最小攻击树的UEFI恶意行为检测模型[J]. 计算机工程与应用, 2012, 48(32): 14-17.

[1]	DU Yao. Android Malicious Family Detection Algorithm Based on Local Optimization Matching [J]. Computer Engineering and Applications, 2021, 57(8): 84-90.
[2]	CHEN Xiaohan, WEI Shuning, QIN Zhengze. Malware Family Classification Based on Deep Learning Visualization [J]. Computer Engineering and Applications, 2021, 57(22): 131-138.
[3]	WANG Guodong, LU Tianliang, YIN Haoran, ZHANG Jianlin. Malicious Code Family Detection Technology Based on CNN-BiLSTM [J]. Computer Engineering and Applications, 2020, 56(24): 72-77.
[4]	ZHOU Yang, LU Tianliang, DU Yanhui, GUO Rui, BAO Yuxuan, LI Mo. Detection and Analysis of Windows Malicious Code Based on Thread Fusion Feature [J]. Computer Engineering and Applications, 2020, 56(23): 103-108.
[5]	WANG Peng, Nurbol, SU Rui. Bibliometric Analysis of Current Studies and Developing Trends on Malicious Code Research [J]. Computer Engineering and Applications, 2019, 55(8): 92-101.
[6]	GAO Zhifang, SHENG Guanshuai, PENG Dinghong. Information security risk assessment method based on compromise rate method [J]. Computer Engineering and Applications, 2017, 53(23): 82-87.
[7]	CHEN Yu, WANG Yadi, WANG Jindong, LI Tao. Study of influence on information security risks by delays of security measures [J]. Computer Engineering and Applications, 2017, 53(19): 118-123.
[8]	CHEN Qi1, JIANG Guoping2, XIA Lingling3. Homology analysis of malware based on function structure [J]. Computer Engineering and Applications, 2017, 53(14): 93-98.
[9]	ZHOU Wei1, XIE Wenbin2, LI Lei3. A kind of Cyberspace security framework design and risk assessment method [J]. Computer Engineering and Applications, 2016, 52(18): 122-126.
[10]	QIAN Yucun, PENG Guojun, WANG Ying, LIANG Yu. Homology analysis of malicious code and family clustering [J]. Computer Engineering and Applications, 2015, 51(18): 76-81.
[11]	SHANG Jing, XU Kaiyong, YANG Qichao. Trusted boot for computer centralized control system-oriented architecture [J]. Computer Engineering and Applications, 2015, 51(17): 64-69.
[12]	CHENG Ke, SONG Haisheng, AN Zhanfu, KONG Yongsheng. Method for evaluation of network security risk based on t-SVR with parameters optimization by GA [J]. Computer Engineering and Applications, 2014, 50(12): 91-95.
[13]	ZHANG Shuang, KONG Deqi, LI Xiaodong. Security risk assessment methodology for airborne system [J]. Computer Engineering and Applications, 2013, 49(16): 232-235.
[14]	CHEN Yu-feng^1，2，XIANG Zheng-tao¹，JIANG Wei-rong¹，JIAN Wei¹. Security risk analysis framework based on network environment attributes [J]. Computer Engineering and Applications, 2010, 46(34): 85-88.
[15]	LI Zhi-yong¹，XUE Liang²，TAO Ran¹，ZHANG Hao¹. Mechanism and prevention of cross-domain Web page malicious code [J]. Computer Engineering and Applications, 2010, 46(21): 135-137.

UEFI malicious behavior detection model based on minimal attack tree

基于最小攻击树的UEFI恶意行为检测模型

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics