Research On Code Risk Assessment Based On Behavior Analysis

Along with the rapid development of computer network, network information security is facing serious challenges. Assessing the risk of the code reasonably has become the significant guarantee for malicious code prevention and security emergency response of malicious code. Aimed at the shortcomings of existing research on the risk assessment of malicious code, this thesis presented an architecture of guidelines for the code risk assessment and the manner of its execution based on behavior analysis, which were intended for assessing the risk of the code reasonably, achieving the automation of the assessment and servicing for malicious code detection and prevention.Firstly, the common behaviors of malicious code were analyzed, and the patterns of the behavior characteristics were formed with the system calls and corresponding arguments. After discussing the feasibility of the code risk assessment based on behavior analysis and the design principles of assessment index system, the index system of risk assessment based on behavior analysis was established with the three essential elements, consisting of infectivity, destructivity and survivability. Then all the elements and indexes were expounded in detail。Subsequently, the model of risk assessment based on behavior analysis was proposed. On the one hand, by making reference to the feature extraction algorithms in text classification, the malicious index resolution method based on mutual information was provided, which was used to calculate the basic risk value for the index in the assessment index system. On the other hand, the index weight was calculated by comparison matrix which was usually used in analytic hierarchy process. Whereafter the risk levels of the assessment result were rated.On the basis of above research, the prototype system of code risk assessment based on behavior analysis was designed and implemented, which was composed of four functional modules and two data modules, including data input module, index quantification module, compositive assessment module, management module,behavior index database and index weight database. Finally, the index quantization module and the prototype system were tested, whose results verified that the assessment index system and the implementation of the method were reasonable.