
Malicious Code Behavior Dynamic Analysis Technology Research And Implementation

Posted on: 2010-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: M M Zhang
Full Text: PDF
GTID: 2208360275984116
Subject: Software engineering
Abstract/Summary:
In recent years, the flood of malicious code and network attacks has done great damage to the Internet, and new threats keep emerging. The increasingly serious information security problem has not only caused enterprises and users huge economic losses but also poses a serious threat to national security. To speed up emergency response to network attacks carried out by malicious code, we must rapidly analyze the attack behavior of malicious code, and design and implement an analysis system to that end.

This paper first introduces the origin and development of malicious code and compares malicious code analysis tools. It then analyzes the characteristics of network attacks, identifies the principles and methods of the network attacks that malicious code uses, and reviews malicious code research at home and abroad. Based on this analysis and its results, a dynamic malicious code analysis system was designed and implemented. The main function of the system is to analyze the attack behavior of malicious code automatically by means of dynamic analysis. The system has the following characteristics:

1) Automating the malicious code analysis flow, which covers the impact on the operating system's files, network, registry and processes.
2) Collecting comparatively detailed attack information.
3) Detecting many kinds of automatic-run techniques used by malicious code.
4) Detecting one attack technique that hides information in the registry and several attack techniques that hide processes.
5) Preventing the attack from spreading by using virtual machine technology.
6) Detecting some new malicious code.

One hundred and seven malicious code samples, received by a honeypot between January 2008 and March 2008, were run through the system. Analysis of the test results yielded:

1) The technical methods the malicious code used.
2) The attack targets of the malicious code.
3) Some developing trends in attack techniques.
4) Some characteristics of attack techniques.
Keywords/Search Tags:malicious code, dynamic analysis, apihook