
Research On Malicious Code Detection Techniques For Information System

Posted on: 2017-05-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Xu
Full Text: PDF
GTID: 1318330518472887
Subject: Computer application technology

Abstract/Summary:
With the rapid development of national information technology and the growth of comprehensive national strength, attackers increasingly target trade secrets and state secrets. Because the localization of hardware and software in externally sourced information systems has not kept pace with current technological development and requirements, these systems contain a large number of vulnerabilities and attack vectors that such attackers can exploit. Malicious code is the typical attack method against information systems, and its techniques are constantly refined. If malicious code is not detected and removed in time, it not only damages parts of the system's functions and application environment but also directly steals sensitive secret information, causing serious harm to national security and economic development. Malware detection technology has therefore become a research focus of government, military and scientific research institutes. Researchers have long studied the characteristics of malicious code, the security of the systems it targets and related technologies, and have proposed a variety of effective techniques and mechanisms for the detection and removal of malicious code in information systems, but these techniques are not well adapted to the environment and characteristics of integrated information systems.

This dissertation takes the basic characteristics of malicious code within the information system as its object of study and information system security as its research content. Through in-depth study of malicious code behaviour, it proposes a comprehensive malware detection method that is adapted to the information system environment and to the particular attack and latency features of malicious code, from the practical standpoint of malicious code detection.

First, in the classified information system the applications, processes and services are relatively simple, and in particular their file, network and registry access behaviour is regular. A high-accuracy detection method based on homogeneous hidden Markov models is therefore proposed to counter malicious code that camouflages itself and inserts disordered behaviours to evade detection. The method computes the probability of dangerous behaviour characteristics and can accurately identify malicious programs disguised by packing and by disordered behaviour, which improves the malicious code detection rate in the information system environment.

Second, malicious code often uses variants to obscure its malicious characteristics and behaviours. A heuristic malware detection method is therefore presented. It uses static characteristics, with the feature set reduced according to an entropy measure, to find all samples that differ from normal samples. For malicious code that uses self-modifying code techniques to hide its own malicious logic, a method based on virtual machine technology is proposed to locate the newly generated malicious code, after which the static heuristic detection is applied to it.

Lastly, the most notable feature of malicious code in the information system is self-concealment. A host-based malicious code detection method is proposed to achieve the best result through prior prevention. It obtains the system-function call hierarchy tree of conventional system services or application objects and compares the similarity of the real-time call hierarchy tree against the normal one; if the deviation from the normal tree exceeds a threshold, the current function-call behaviour is judged malicious. This method can proactively identify suspicious targets, especially those exploiting common application vulnerabilities, and actively induce malicious code attacks so as to realise real-time detection.
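The first method described above, scoring file, network and registry behaviour sequences with a time-homogeneous hidden Markov model, can be illustrated with the following Python example. It is added here and is not code from the dissertation. The behaviour alphabet, the two models' states, transition and emission probabilities, and the three traces are all constructed assumptions; a deployment would estimate the parameters from labelled traces (for example with Baum-Welch) and tune the decision threshold on held-out data. The decision is the log-likelihood ratio of the malicious model against the benign one, both evaluated with the forward algorithm, and the third trace shows that filler actions inserted between the malicious ones do not flip the decision.

```python
"""HMM scoring of process behaviour traces (added example, not the dissertation's code).

A process's observed actions on files, the network and the registry form an
observation sequence. Two hand-specified, time-homogeneous hidden Markov models,
one for benign and one for malicious activity, are scored with the forward
algorithm and the log-likelihood ratio decides. Every parameter and trace below
is a constructed assumption for illustration only.
"""
import math

BEHAVIOURS = ("file_read", "file_write", "reg_write",
              "net_connect", "proc_create", "idle")

# Benign model (assumed): an application alternates between working and pausing
# and only rarely touches the registry, spawns processes or opens connections.
BENIGN = {
    "states": ("work", "pause"),
    "start": {"work": 0.7, "pause": 0.3},
    "trans": {
        "work":  {"work": 0.8, "pause": 0.2},
        "pause": {"work": 0.4, "pause": 0.6},
    },
    "emit": {
        "work":  {"file_read": 0.40, "file_write": 0.38, "reg_write": 0.01,
                  "net_connect": 0.02, "proc_create": 0.01, "idle": 0.18},
        "pause": {"file_read": 0.10, "file_write": 0.05, "reg_write": 0.01,
                  "net_connect": 0.02, "proc_create": 0.01, "idle": 0.81},
    },
}

# Malicious model (assumed): persistence (registry and process work),
# exfiltration (network) and a camouflage state emitting filler actions.
MALICIOUS = {
    "states": ("persist", "exfil", "camouflage"),
    "start": {"persist": 0.4, "exfil": 0.3, "camouflage": 0.3},
    "trans": {
        "persist":    {"persist": 0.4, "exfil": 0.3, "camouflage": 0.3},
        "exfil":      {"persist": 0.2, "exfil": 0.5, "camouflage": 0.3},
        "camouflage": {"persist": 0.3, "exfil": 0.3, "camouflage": 0.4},
    },
    "emit": {
        "persist":    {"file_read": 0.05, "file_write": 0.20, "reg_write": 0.50,
                       "net_connect": 0.05, "proc_create": 0.15, "idle": 0.05},
        "exfil":      {"file_read": 0.25, "file_write": 0.05, "reg_write": 0.03,
                       "net_connect": 0.60, "proc_create": 0.02, "idle": 0.05},
        "camouflage": {"file_read": 0.30, "file_write": 0.20, "reg_write": 0.02,
                       "net_connect": 0.03, "proc_create": 0.05, "idle": 0.40},
    },
}


def check_model(model, tol=1e-9):
    """True if the start, every transition row and every emission row sum to 1."""
    rows = [model["start"]] + list(model["trans"].values()) + list(model["emit"].values())
    return all(abs(sum(row.values()) - 1.0) < tol for row in rows)


def _logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))


def log_likelihood(model, trace):
    """Forward algorithm in log space: log P(trace | model).

    alpha[s] holds log P(o_1..o_t, state_t = s). Working in logs avoids the
    underflow a plain product of probabilities hits on long behaviour traces.
    """
    if not trace:
        raise ValueError("empty trace")
    unknown = set(trace) - set(BEHAVIOURS)
    if unknown:
        raise ValueError(f"unknown behaviours: {sorted(unknown)}")
    states = model["states"]
    alpha = {s: math.log(model["start"][s]) + math.log(model["emit"][s][trace[0]])
             for s in states}
    for obs in trace[1:]:
        alpha = {
            j: _logsumexp([alpha[i] + math.log(model["trans"][i][j]) for i in states])
               + math.log(model["emit"][j][obs])
            for j in states
        }
    return _logsumexp(list(alpha.values()))


def log_likelihood_ratio(trace):
    """Positive values favour the malicious model, negative values the benign one."""
    return log_likelihood(MALICIOUS, trace) - log_likelihood(BENIGN, trace)


def classify(trace, threshold=0.0):
    return "malicious" if log_likelihood_ratio(trace) > threshold else "benign"


# Constructed sample traces, not captured from any real system.
BENIGN_TRACE = ["file_read", "file_write", "file_read", "file_write",
                "idle", "idle", "file_read", "file_write"]
MALICIOUS_TRACE = ["file_write", "reg_write", "proc_create", "file_read",
                   "net_connect", "net_connect", "net_connect", "reg_write"]
# The same attack with idle/file_read filler inserted to disorder the behaviour.
NOISY_MALICIOUS_TRACE = ["file_write", "idle", "reg_write", "file_read", "proc_create",
                         "idle", "net_connect", "file_read", "net_connect", "idle",
                         "reg_write", "net_connect"]

if __name__ == "__main__":
    assert check_model(BENIGN) and check_model(MALICIOUS)
    for name, trace in [("benign", BENIGN_TRACE), ("malicious", MALICIOUS_TRACE),
                        ("noisy malicious", NOISY_MALICIOUS_TRACE)]:
        print(f"{name:16s} llr={log_likelihood_ratio(trace):+7.2f} -> {classify(trace)}")
```

The filler actions cost the malicious model something, because its camouflage state has to be entered and left, but the registry writes, process creation and repeated connections are so improbable under the benign model that the ratio stays well above zero. That is the property the dissertation relies on: disordering the behaviour dilutes the signal but does not remove it, so a model that scores whole sequences rather than individual events keeps detecting.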
Keywords/Search Tags: information system, information safety, classified information, malicious code, virus detection