
Definition Of File Malware And Research And Implementation Of Defense Method

Posted on: 2012-01-12 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Wang
GTID: 2218330362460365 | Subject: Computer Science and Technology
Abstract/Summary:
Attacking computer files is an important means of malware attack. File Malware are programs that steal, tamper with, or delete computer files. This paper focuses on the definition of File Malware and the technology for defending against it.

Defining and defending against malware is a difficult problem worldwide. To address it, the concept of User Intention has been proposed. User Intention refers to the file authorization granted by the user, meaning that the user has agreed to let a program access a file in a given mode. If a program's file access violates the User Intention, the program is Explicit File Malware. Implicit File Malware refers to programs that steal, delete, or tamper with files without violating the User Intention. Explicit File Malware has been studied in depth, with a series of good results. Implicit File Malware, however, remains at the descriptive level, without substantive progress.

To address the definition of and defense against File Malware more thoroughly, this paper puts forward the concept of Program Intention and gives a definition of File Malware based on User Intention and Program Intention. The definition covers Explicit File Malware completely and also part of Implicit File Malware. The paper then builds a File Malware Defense Model, and finally implements and tests it.

The main work of this paper is as follows:

1. Put forward the concept of Program Intention and define File Malware. Program Intention is a program's commitment of action made in advance: it refers to the behavior (including function calls and file operations) that the program promises to carry out after the user has issued a User Intention authorization. The basic idea is to establish access association relationships among programs, intentions, and files, and to enforce strict access control so that all access proceeds in the predetermined manner. Unlike traditional technical definitions of malicious programs, defining File Malware from the perspective of the program captures the essence of a malicious program's "maliciousness".

2. Build a File Malware Defense Model (FMDM) based on User Intention and Program Intention. Using a state machine, the paper formally describes the FMDM and gives its security proof. It is proved that the model can protect not only user files but also system files and application files.

3. Implement a File Malware Defense System (FMDS). FMDS mainly comprises three parts: a User Intention extraction module, an access interception module, and an authorization decision module. These respectively obtain the User Intention and Program Intention, intercept programs' file access requests and API call requests, and decide whether to allow the request. Implementing FMDS makes it possible to test the validity of the FMDM in practice and provides a basis for checking the model's security properties.

4. Test the defense system FMDS. The tests include a security test and a performance test. The results show that the system provides relatively high security and has only a small effect on the computer system.
Keywords/Search Tags: File Malware, Evidence File Malware, Malware Defense, User Intention, Program Intention