
Research On Malicious Code Detection Technology Based On Multi-Level Cooperation

Posted on: 2010-02-10
Degree: Master
Type: Thesis
Country: China
Candidate: L Yang
Full Text: PDF
GTID: 2178360278456712
Subject: Computer technology

Abstract/Summary:
In recent years, network attacks have become increasingly organized, profit-driven, professional and purposeful. Malicious code such as viruses, worms and trojans spreads more frequently across networks, and the techniques it adopts keep developing, which poses a huge threat to the security of normal network applications.

Malicious code detection and prevention technologies are widely used today. They include signature-based detection of malicious code entities, as represented by virus protection software, and rule-based (attack-signature) intrusion detection, as represented by network intrusion detection systems. Both types of detection technology lack the capability to detect unknown malicious code, or malicious code processed with techniques such as polymorphism, metamorphism and packers. Detection technologies based on behavior analysis have therefore become a hotspot that most security companies and agencies are researching.

In this paper, detection techniques based on behavior analysis are studied and analyzed, and a malicious code detection method based on multi-level cooperation is proposed. The main contributions of the paper are as follows.

1. We introduce the basic concepts and classification of malicious code, together with its current implementation technologies, analysis techniques and detection techniques. The problems and the development trend of current detection techniques are analyzed.

2. We review the current state and framework of malicious code detection techniques based on behavior analysis, analyze the advantages and disadvantages of behavior analysis, and put forward ideas for improvement.

3. Based on a division and study of the life cycle of malicious code, a new definition and classification method for the abnormal behavior of malicious code is presented, the relevance and similarity of the abnormal behavior of malicious code are summarized, and the applicability of relevance and similarity to the detection of malicious code is demonstrated.

4. A malicious code detection method based on multi-level cooperation is presented. The multi-level cooperation procedure is implemented through simulation experiments in an environment of NWS combined with Perl. The simulation results show the effectiveness of the method and make clear the aspects and elements that need improvement.
Keywords/Search Tags:Malicious code, Detection, Behavior analysis, Relevance, Similarity, Multi-level cooperation