
Design And Implementation Of A Malicious Code Dynamic Analyzing System

Posted on: 2006-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: W L Xing
Full Text: PDF
GTID: 2178360212467480
Subject: Computer technology
Abstract/Summary:
The flood of malicious code and network attacks has done great damage to the Internet. To speed up emergency response to the network attacks that malicious code carries out, we must rapidly analyze the attack behavior of malicious code, and design and implement an analysis system for that purpose.

In this paper, the author first compared existing malicious code analysis tools, then studied the characteristics of network attacks, the classification of malicious code, the principles and methods of the network attacks that malicious code uses, and the methods for analyzing malicious code. Based on this analysis and its results, the author designed and implemented a malicious code dynamic analyzing system. The main function of the system is to analyze the attack behavior of malicious code automatically, using dynamic analysis. The system has the following characteristics:

1) It automates the malicious code analysis flow, which includes attack information collection, attack information analysis and attack recovery.
2) It collects comparatively detailed attack information.
3) It detects many kinds of automatic-run techniques used by malicious code.
4) It detects one attack technique for hiding information in the registry and several attack techniques for hiding processes.
5) It presents attack reports visually.
6) It uses virtual machine technology to keep the attack from spreading.
7) It detects some new malicious code.

More than a hundred malicious code samples received by CCERT between March 2005 and October 2005 were run through the system. Analysis of the test results yielded:

1) The technical methods the malicious code used.
2) The attack targets of the malicious code.
3) Some developing trends in attack techniques.
4) Some characteristics of attack techniques.
Keywords/Search Tags: malicious code, dynamic analysis, attack recovery