
The Research And Realization Of Vicious Procedures Detection System Based On Virtual Execution Technology

Posted on: 2012-09-08 | Degree: Master | Type: Thesis
Country: China | Candidate: Y C Zhang | Full Text: PDF
GTID: 2218330362460219 | Subject: Military communications science
Abstract/Summary:
It is well accepted that computer technology brings great convenience to people's lives and markedly improves working efficiency. However, it also exposes us to various security threats. In recent years, as computers have become widespread and the threshold for network attacks has gradually fallen, malicious programs have been increasing at an astonishing rate. The traditional detection method based on signature codes detects known malicious programs well, but it cannot detect unknown malicious programs, so it does not meet real-world needs. Dynamic detection based on virtual execution can analyze the behavior of a program and is suitable for detecting unknown malicious programs.

This paper puts forward the concept of malicious similarity, which describes well the degree of similarity between a program under test and known malicious programs. It proposes a malicious program detection method based on the analytic hierarchy process (AHP), which effectively calculates the malicious similarity of a program under test from its behavior sequence. Building on in-depth research into virtual execution technology, a malware detection system based on virtual execution technology is designed and implemented. The experimental results show that the system achieves the desired target.

This paper mainly covers the following research work:

Design and implement a malware detection system based on virtual execution technology. This paper analyzes the existing mainstream malware detection methods, summarizes the advantages and disadvantages of each, and designs and implements a malware detection system based on virtual execution technology.

Design a sandbox. Based on research and analysis of existing sandbox technology, a sandbox is designed and implemented using redirection technology for five key areas: files, the registry, services, the network, and processes. The sandbox isolates the virtual environment from the physical environment and is optimized for speed, so it runs faster.

Put forward a malicious program detection method based on the analytic hierarchy process (AHP). This paper designs and implements the AHP-based malicious program detection method used in the system. Because different malicious behaviors differ in how destructive they are, the method uses AHP to obtain a different weight for each malicious behavior, then computes a weighted sum over the behavior of the program under test, and determines from the result whether the program is malicious.

Put forward the concept of malicious similarity. Because malicious programs are currently hard to quantify and analyze objectively, this paper proposes the concept of malicious similarity. Malicious similarity describes well how similar a program under test is to malicious programs, and provides an objective basis for judging whether a program is malicious.
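The AHP weighting and weighted summation described above, sketched as an added example that is not code from the thesis. The pairwise judgements, the per-category indicators in [0, 1] and the 0.10 consistency cut-off are constructed assumptions; the abstract does not give the thesis's actual behaviors, weights or decision rule.

```python
# Added illustration: AHP weighting of behaviour categories, then a weighted sum.
CATEGORIES = ["file", "registry", "service", "network", "process"]  # from the abstract

# Constructed pairwise judgements on Saaty's 1-9 scale (assumption, not thesis data):
# PAIRWISE[i][j] = how much more destructive category i is judged to be than j.
PAIRWISE = [
    [1, 1/2, 1/3, 1/2, 1/4],
    [2, 1,   1/2, 1,   1/3],
    [3, 2,   1,   2,   1/2],
    [2, 1,   1/2, 1,   1/3],
    [4, 3,   2,   3,   1],
]
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency index


def ahp_weights(matrix, iterations=200):
    """Return (weights, consistency_ratio) from the principal eigenvector."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):  # power iteration, renormalised to sum to 1
        nxt = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(nxt)
        w = [x / total for x in nxt]
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    consistency_index = (lambda_max - n) / (n - 1)
    return w, consistency_index / RANDOM_INDEX[n]


def category_weights(matrix=PAIRWISE, max_cr=0.10):
    """Weights per category; reject judgements that contradict each other."""
    w, cr = ahp_weights(matrix)
    if cr >= max_cr:
        raise ValueError(f"pairwise judgements inconsistent (CR={cr:.2f})")
    return dict(zip(CATEGORIES, w))


def weighted_score(observed, weights):
    """Weighted sum of per-category indicators, each in [0, 1]."""
    return sum(weights[c] * observed.get(c, 0.0) for c in CATEGORIES)


if __name__ == "__main__":
    weights = category_weights()
    # Constructed observation: a sample that touched the registry and spawned processes.
    sample = {"registry": 1.0, "process": 1.0, "network": 0.5}
    print({c: round(v, 3) for c, v in weights.items()})
    print("score:", round(weighted_score(sample, weights), 3))
```

The consistency ratio is the check worth keeping in any real use of AHP: weights derived from contradictory pairwise judgements are rejected rather than silently fed into the score.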
Keywords/Search Tags:Virtual Execution, Malicious Executables Detection, SandBox