
Unknown Malicious Code Detection System Based On Network Behavior Analysis And Its Implementation

Posted on: 2010-05-12
Degree: Master
Type: Thesis
Country: China
Candidate: M Li
Full Text: PDF
GTID: 2208360275982818
Subject: Information and Communication Engineering
Abstract/Summary:
Malicious code detection is an important security technology that follows firewalls, data encryption and other traditional security measures. It can detect and monitor attacks throughout the entire course of a malicious code attack. With the continuous expansion of network scale and the appearance of new attack techniques, malicious code detection technology also faces many challenges, such as how to effectively detect unknown malicious code, how to reduce the false negatives and false positives of malicious code detection systems, and how to improve their safety and accuracy.

The research purposes of this thesis are as follows:

(1) To study the principles, attack methods, and development of malicious code;
(2) To study the detection techniques, common problems and development of existing malicious code detection systems;
(3) To research and implement an unknown malicious code detection system based on network behavior analysis, in order to detect unknown malicious code effectively.

The main work and contributions of this thesis are as follows:

1. A study of the definition and classification of malicious code, with a detailed study of the attack principles and methods of computer viruses, worms, trojans and spyware, followed by a study of the current status and development of malicious code technology.
2. A study of the definition and classification of malicious code detection systems, their main detection techniques and their direction of development; a detailed study of the theoretical foundation and main methods of network behavior analysis, followed by a study of how to apply network behavior analysis in an unknown malicious code detection system.
3. The design and implementation of an unknown malicious code detection system based on network behavior analysis: designing the system structure, the running environment and all system modules in detail; designing the flow charts of the various modules and implementing the system; building a network environment for testing the system; and analyzing the test results in detail.
Keywords/Search Tags: network behavior analysis, unknown malicious code, protocol analysis, malicious code detection