Research Of The Malicious Code Front-end Detection Technology In The Cloud Security Environment

Posted on: 2012-03-20
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhang
GTID: 2178330335462038
Subject: Computer application technology

Abstract/Summary:
In the current network environment, the rapid evolution of computer viruses has driven the development of anti-virus technology. Anti-virus techniques have appeared one after another, of which the attribute code method is the most traditional. The attribute code method detects viruses by matching features of the program under test against a database of known features. However, the development of viruses has brought new challenges to the traditional attribute code method. Its inherent lag means that detection of a virus trails behind the virus's appearance, and it cannot effectively detect an unknown virus whose characteristics are not in the virus database.

With the development of cloud security technology and its wide use in practice, anti-virus technology has more room to develop. Behavior analysis technology is particularly prominent because it can identify unknown malicious code in advance, and it is becoming a hot spot in the anti-virus area. Before analyzing the behaviors of a virus, we must determine the dynamic behavior rules (features). We introduce 35 behavior features that viruses exhibit when they carry out their implantation, installation and function on computers. Based on these 35 features, we describe in detail the method used to capture malicious behavior.

In this thesis, we establish a classification algorithm built on the dynamic behavior characteristics of the sample programs. With a learner designed according to the values of the training samples' multiple attributes, this algorithm can effectively classify the samples. For the black and white detection and the black and gray detection of malicious code, we respectively construct a black-white detection model based on a minimum distance classifier and a black-gray detection model based on an AdaBoost classifier, and use both models to classify the samples. The experimental results prove the classification accuracy of the improved minimum distance classifier. Compared with other nonlinear methods, this classifier has a much smaller computation cost. The model has high practical value in actual work, and the AdaBoost classifier also obviously reduces the false positive results for gray samples.

In addition, we design and implement an automatic behavior analysis system for malicious code samples, which can effectively deal with the problem of the massive number of samples reported. This online processing system is based on virtual machine control technology and meets the needs of analyzing massive numbers of samples well.
Keywords/Search Tags:cloud security, malicious code, behavior analysis, minimum distance classifier, automatic behavior analysis system