
Researches On The Application Of Correlation Based On Causality In Network Detection Of Malicious Code

Posted on: 2009-12-03
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Wang
GTID: 2178360272473591
Subject: Computer technology

Abstract/Summary:
With the rapid development of information technology, computers and networks bring us not only productivity but also security problems. Malicious code is one of these problems; because malicious code spreads widely, it is very dangerous. It can damage data and even computer hardware, so it is important to study better techniques against malicious code.

This thesis discusses the definition and classification of malicious code and studies its working principles. Corresponding technology to prevent malicious code is proposed. It also studies and summarizes the host-based malicious code detection technologies commonly adopted at present, such as characteristic code (signature) matching, integrity checking and virtual hosts. At the same time, malicious code detection methods in the network environment are discussed, and the intrusion detection systems often used for network detection of malicious code are introduced.

After studying the working principles of malicious code and the existing detection and prevention technology, and on the basis of the author's own work experience, the thesis proposes applying the analysis method of correlation based on causality to the network detection of malicious code. This method introduces the notion of a hyperalert: an alert represents one attack step of the malicious code, predicates indicate the preconditions and consequences of every alert, and a "resource tree" is used to standardize the explanatory notes of the predicates. By matching the preconditions of one alert against the consequences of other alerts, the causal correlations among different alerts are found, and these are vividly revealed by the hyperalert association graph. Such a method can clearly show the different characteristics of different malicious codes; therefore it is of practical use in the network detection of malicious code.
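The precondition/consequence matching described in the abstract, as an added Python example that is not the thesis author's code: the alert types, predicate templates and the sample alert sequence are constructed for this illustration, and an alert is only linked to an earlier one whose consequence satisfies one of its preconditions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HyperalertType:
    name: str                 # attack step this alert type represents
    prerequisites: frozenset  # predicate templates that must already hold
    consequences: frozenset   # predicate templates the step establishes

@dataclass(frozen=True)
class Hyperalert:
    kind: HyperalertType
    ts: int       # arrival time, used to enforce causal ordering
    attrs: tuple  # sorted (name, value) pairs that fill the templates
    def bind(self, templates):  # instantiate predicates with this alert's attributes
        return {t.format(**dict(self.attrs)) for t in templates}
def T(name, pre, post):
    return HyperalertType(name, frozenset(pre), frozenset(post))
def A(kind, ts, **attrs):
    return Hyperalert(kind, ts, tuple(sorted(attrs.items())))
# Constructed alert types for a worm-style infection (not from the thesis).
SCAN = T("SCAN", [], ["HostAlive({dst})"])
PROBE = T("PROBE", ["HostAlive({dst})"], ["ServiceOpen({dst},{port})"])
EXPLOIT = T("EXPLOIT", ["ServiceOpen({dst},{port})"], ["CodeExec({dst})"])
DOWNLOAD = T("DOWNLOAD", ["CodeExec({dst})"], ["PayloadOn({dst})"])

def correlate(alerts):
    """Edges (earlier, later) of the hyperalert association graph: an earlier
    alert's consequence matches a prerequisite of a later alert."""
    ordered = sorted(alerts, key=lambda a: a.ts)
    edges = []
    for i, later in enumerate(ordered):
        needed = later.bind(later.kind.prerequisites)
        for earlier in ordered[:i]:
            if earlier.ts < later.ts and earlier.bind(earlier.kind.consequences) & needed:
                edges.append((earlier, later))
    return edges

def chains(alerts):
    """Longest causal chain (type names) ending at each sink of the graph."""
    preds = {}
    for a, b in correlate(alerts):
        preds.setdefault(b, []).append(a)
    def back(a):
        best = max((back(p) for p in preds.get(a, [])), key=len, default=[])
        return best + [a.kind.name]
    return [back(s) for s in set(preds) - {a for ps in preds.values() for a in ps}]

# Constructed sample: full infection of 10.0.0.5 plus an unrelated scan.
SAMPLE = [A(SCAN, 1, dst="10.0.0.5"), A(PROBE, 2, dst="10.0.0.5", port=445),
          A(SCAN, 3, dst="10.0.0.9"), A(EXPLOIT, 4, dst="10.0.0.5", port=445),
          A(DOWNLOAD, 5, dst="10.0.0.5")]
```

The unrelated scan of 10.0.0.9 stays isolated because no later alert has a precondition its consequence satisfies, while the four alerts against 10.0.0.5 form one chain that characterizes the infection.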
Keywords/Search Tags: malicious code, intrusion detection, hyperalert, correlation based on causality