A Design And Implementation Of Behavior Capture System For Supporting Malware Behavior Analysis

Posted on: 2015-06-03 | Degree: Master | Type: Thesis
Country: China | Candidate: C You
GTID: 2308330479479317 | Subject: Computer technology
Abstract/Summary:
A malware behavior capture system is the basis of malware behavior capture analysis, which can improve defense capability against malware. With the development of malware technology, the structure and patterns of malware have become much more complex, which makes it hard for current anti-malware technology to deal with them effectively. How to capture malware behavior more effectively is becoming a research hotspot in the information security area, and describing malware behavior efficiently and accurately is the basis of malware behavior capture technology. Based on these issues, this paper proposes a description method for malware behavior and implements a malware behavior capture protocol system. The main work is as follows. First, this paper reviews the current methods used in malware capture technology. Second, this paper proposes a multi-dimension based malware description method, which uses malware characteristics such as behavior time, behavior type, and behavior dependence to describe malware behavior. Results show that this method can effectively reduce the impact of malware interference and thus improve accuracy and efficiency. Third, this paper proposes a multi-agent based malware behavior capture framework, which uses the agents' autonomy and flexibility to obtain target system information in real time. Finally, we designed and implemented a prototype system for capturing malware behavior. Based on a representative malware sample dataset, we verify and validate the proposed method in terms of accuracy and AUC. Results show that the proposed method is better in efficiency and accuracy.
Keywords/Search Tags: Behavior captured, malicious code, multi-dimension, multi-agent