
Research On Malicious Code Dissemination Mechanism And Technology Of Detection And Defense

Posted on: 2009-08-27
Degree: Master
Type: Thesis
Country: China
Candidate: K Ding
Full Text: PDF
GTID: 2178360245470062
Subject: Applied Mathematics

Abstract/Summary:
The development of the Internet and the increasing demand for resource sharing have created favorable conditions for the dissemination of malicious code and pose a serious threat to the security of information systems. In response to this growing problem, this thesis studies the dissemination mechanisms of malicious code and the technologies for detecting and defending against it. The main work is as follows:

1. The thesis gives the definition and characteristics of malicious code and, in view of its new characteristics, classifies it from the attacker's perspective. It analyzes the malicious code that is currently popular or has recently appeared, such as spyware, phishing and IM attacks, and classifies it, laying the groundwork for the analysis that follows.

2. The thesis analyzes in depth the dissemination methods and mechanisms of each kind of malicious code. The infection principles of PE viruses, macro viruses and script viruses are presented in the third chapter. The dissemination methods of Trojan horses are summarized, and their common hiding and survival techniques are given from both the host-based and the network-based perspective. The fundamental principles and functional structure of worms are analyzed, together with several important worm attack methods such as buffer overflow attacks and DoS attacks. For currently popular attack forms such as spyware and phishing, their attack principles and workflow are given, and their attack and dissemination methods over the increasingly widespread Web services are summarized.

3. According to the characteristics of malicious code, the principles and working models of misuse detection, anomaly detection and privilege control are presented, and the application and implementation of these technologies against malicious code are analyzed from both the host-based and the network-based perspective. The thesis also analyzes the combined use and implementation of each kind of detection and defense technology.

4. From the perspective of host intrusion prevention, I present a new approach to detecting and defending against malicious code based on real-time interception of Windows API calls. After analyzing the attack behavior patterns of malicious code, and from the perspective of privilege control, I design a method that prevents malicious code attacks by detecting calls to system API functions.

5. From the perspective of overall defense, I propose an interaction model of detection and defense that combines the Windows API real-time interception system, a firewall and an intrusion detection system (IDS). It enhances the optimization and timeliness of IDS strategies and thereby improves the integrated, multi-layered capacity for preventing malicious code.

6. From the perspective of host intrusion prevention, and against keyboard monitoring, password theft and other forms of malicious code attack, I analyze the principles of keyboard monitoring and design a technical solution for preventing keylogging under Win32. Using window subclassing and the data exchange mechanism (DDX) of controls, the solution performs an identity check on Windows messages that attempt to access the keyboard input of controls, thereby preventing keylogging and information theft.
Keywords/Search Tags: Malicious Code, Computer Virus, Computer Worm, Phishing, Detection and Defense, Keylogging of Win32