Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (32): 14-17.


UEFI malicious behavior detection model based on minimal attack tree

JIANG Zhengwei1,2, WANG Xiaozhen1,2, LIU Baoxu2   

  1. Graduate School, Chinese Academy of Sciences, Beijing 100049, China
  2. Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China
  • Online: 2012-11-11    Published: 2012-11-20

Chinese title: 基于最小攻击树的UEFI恶意行为检测模型

Authors (Chinese): 姜政伟, 王晓箴, 刘宝旭 (affiliations as listed above)

Abstract: Security risks in the Unified Extensible Firmware Interface (UEFI) are identified from three sources: the UEFI source code, UEFI's own extension modules, and the network. The shortcomings of traditional BIOS detection methods and of existing UEFI malicious code detection methods are analyzed. An attack tree and a threat level suited to the characteristics of the UEFI platform are defined, and an attack tree model capable of dynamic expansion is built by combining a threat model database with a malicious behavior signature database. On this basis, a weighted minimal attack tree algorithm is designed for UEFI malicious behavior detection. Experiments demonstrate the effectiveness and expandability of the proposed model.

Key words: Unified Extensible Firmware Interface(UEFI), malicious code, attack tree, security risk
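The abstract names the building blocks (a weighted attack tree with AND/OR nodes, a minimal attack set, a behavior signature database that maps observed firmware behaviors to tree leaves, and dynamic expansion of the model) but not the algorithm itself. The following is an added illustration of how those pieces fit together; it is not the authors' code, and the tree shape, leaf weights, behavior strings and the coverage-based threat score are assumptions made for the example.

```python
"""Weighted attack tree evaluation over observed UEFI behaviors.

Added illustration, not the paper's implementation. The tree, the weights
(assumed 0..10 threat contribution per leaf), the behavior signature strings
and the threat-level formula are all constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Node:
    """Attack tree node. Leaves carry a weight; AND/OR nodes combine children."""
    name: str
    op: str = "LEAF"            # "LEAF", "AND" or "OR"
    weight: float = 0.0
    children: List["Node"] = field(default_factory=list)


def build_tree() -> Node:
    """Constructed threat model database entry: one root goal with three
    alternative paths. Weights are assumptions, not measured values."""
    return Node("persist_malicious_code", "OR", children=[
        Node("implant_in_flash", "AND", children=[
            Node("disable_write_protect", weight=6),
            Node("write_spi_flash", weight=8)]),
        Node("hijack_boot_flow", "AND", children=[
            Node("hook_runtime_service", weight=5),
            Node("patch_boot_loader", weight=4)]),
        Node("load_unsigned_driver", weight=3),
    ])


# Constructed malicious behavior signature database: observed behavior -> leaf.
SIGNATURES: Dict[str, str] = {
    "flash write-protect bits cleared": "disable_write_protect",
    "SPI flash region written": "write_spi_flash",
    "runtime service table entry patched": "hook_runtime_service",
    "boot loader image modified": "patch_boot_loader",
    "driver loaded without signature": "load_unsigned_driver",
}


def leaf_weights(node: Node) -> Dict[str, float]:
    """Flatten the tree into leaf name -> weight."""
    if node.op == "LEAF":
        return {node.name: node.weight}
    out: Dict[str, float] = {}
    for c in node.children:
        out.update(leaf_weights(c))
    return out


def minimal_attack_sets(node: Node) -> List[FrozenSet[str]]:
    """All minimal leaf sets that realize `node`: OR takes the union of the
    children's sets, AND takes their cross product; supersets are dropped."""
    if node.op == "LEAF":
        return [frozenset([node.name])]
    if node.op == "OR":
        cand = {s for c in node.children for s in minimal_attack_sets(c)}
    else:
        cand = {frozenset()}
        for c in node.children:
            cand = {s | t for s in cand for t in minimal_attack_sets(c)}
    return sorted((s for s in cand if not any(t < s for t in cand)), key=sorted)


def weighted_minimal_attack_set(node: Node) -> Tuple[FrozenSet[str], float]:
    """The minimal set with the lowest total leaf weight: the attacker's
    least-effort path, which a detector should watch most closely."""
    w = leaf_weights(node)
    best = min(minimal_attack_sets(node), key=lambda s: sum(w[l] for l in s))
    return best, sum(w[l] for l in best)


def detect(node: Node, signatures: Dict[str, str],
           observed: List[str]) -> Tuple[float, FrozenSet[str], bool]:
    """Map observed behaviors to leaves through the signature database, then
    score: threat level = best weighted coverage of any minimal attack set
    (assumed formula); the goal is realized when one set is fully covered."""
    w = leaf_weights(node)
    hit = {signatures[b] for b in observed if b in signatures}
    best_level, best_set = 0.0, frozenset()
    for s in minimal_attack_sets(node):
        level = sum(w[l] for l in s & hit) / sum(w[l] for l in s)
        if level > best_level:
            best_level, best_set = level, s
    return round(best_level, 3), best_set, bool(best_set) and best_set <= hit


def extend_model(root: Node, parent_name: str, subtree: Node) -> bool:
    """Dynamic expansion: attach a new subtree under the named node so newly
    catalogued threats enter the model without rebuilding it."""
    if root.name == parent_name:
        root.children.append(subtree)
        return True
    return any(extend_model(c, parent_name, subtree) for c in root.children)


if __name__ == "__main__":
    tree = build_tree()
    # Constructed behavior log for one firmware module under analysis.
    log = ["SPI flash region written", "runtime service table entry patched"]
    print(weighted_minimal_attack_set(tree))
    print(detect(tree, SIGNATURES, log))
    print(detect(tree, SIGNATURES, log + ["flash write-protect bits cleared"]))
```

With the two observed behaviors the implant path is 8/14 covered and nothing is realized; once the write-protect bypass is also seen that set is fully covered and the goal is flagged. The cheapest minimal set (the single unsigned-driver leaf) is where a weighted scheme directs attention first, which is the practical point of weighting the tree.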
