Bots Malicious Code Detection

Posted on: 2010-11-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z C Chen
GTID: 2208360275483951
Subject: Information and Communication Engineering
Abstract/Summary:
With the popularization and application of computers and networks, enterprises and users face a growing number of security issues. Recently, more and more malicious code has been spreading across networks, posing a great threat to network security and causing great economic losses. Bots combine characteristics of viruses, trojans and worms, and accept control commands, so that thousands of controlled hosts can attack a target simultaneously. This poses a great threat to security, and this type of malicious code has aroused widespread concern in the field of network security.

To respond to the security threat of malicious code and to the problems of current detection technology, the paper proposes a malicious code detection method based on behavioral characteristics and a BP network. The method makes up for problems in current detection methods: signature matching cannot detect unknown malicious code, behavior analysis methods cannot effectively judge whether code is malicious, and pattern recognition methods run into anti-detection techniques. The paper then implements a malicious code detection system using this method, and finally tests its detection of samples.

The work on the research method and the system implementation is as follows:

(1) Many types of bots and other types of malicious code samples are collected. Techniques for collecting malicious code samples are studied and a sample collection platform is built. A database of malicious code samples is then set up.

(2) Several typical bot samples and some other types of malicious code are analyzed. Behavior characteristics at the spread, control and attack stages are collected. A finite state machine feature model is set up.

(3) BP networks and machine learning methods are researched. The behavior characteristics of bots are defined and quantified. The BP network structure for detection is then designed, and samples are input so that the detection network can learn, yielding an ideal network model. The model can detect not only bots but also trojans and worms.

(4) A malicious code detection system is designed based on the above findings. The main function of the system is malicious code classification and recognition. Two key questions are solved in the system: one is analyzing the impact of a sample's behavior on the system; the other is capturing a sample's control information and attack information in network transmission. Three modules are implemented in the system: a behavior monitor, a network monitor and system restore. The functions of the detection system are tested, the accuracy of sample detection is tested, and the test results are analyzed.
Keywords/Search Tags: malicious code, bot, botnet, BP network, behavior character, detection