
Detection Method Of Malicious Codes And Its Application In Security Assessment

Posted on: 2013-01-18
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Shi
GTID: 2248330395984696
Subject: Computer application technology
Abstract/Summary:
The 21st century is the age of information. The development of information technology, especially Internet technology, brings much convenience to people but also brings many security threats. As one of the important factors threatening security, malicious code has attracted attention from all sides and has become a main focus of current research. This paper places its emphasis on the detection of malicious code and its application in the classified protection and security assessment of information systems.

Based on the present state of research, this paper introduces the kinds of malicious code, the mechanisms by which they exist and spread, and the key technologies they use. It then introduces two analytical methods. One is static analysis, for example source code analysis, static disassembly and strings analysis; the other is dynamic analysis, which includes behaviour monitoring and dynamic disassembly. After this, the paper describes the most commonly used malicious code detection technologies, such as signature scanning, virtual machine scanning, heuristic scanning and behaviour judgment scanning.

Drawing on the analysis of a large amount of malicious code, this paper proposes a detection method based on extended attack trees. By formalizing the behaviour of malicious code and combining it with the detection model, the principle of extended attack trees and their derivation process, the method analyzes and judges whether a program is malicious code and what its hazard level is.

With the legalization of classified protection of information systems, banking, securities, electric power, telecommunications and other important infrastructure industries are stepping up the implementation of classified protection work. This paper studies the basic content of classified protection and describes the specific requirements for, and application of, malicious code detection controls from the aspects of standards, system design and implementation, testing and evaluation requirements, and testing and evaluation work guidelines.

Focusing on the problems exposed in security assessment work, this paper describes a security assessment system based on multiple data fusion technology. In this system, the assessment factors comprise twelve major testing and evaluation items and thirty-three minor testing and evaluation items. The paper describes the design of the malicious code detection system in detail. The malicious code detection system uses signature scanning and behaviour judgment scanning: it uses the AC algorithm to implement signature scanning and employs extended attack trees to achieve behaviour judgment scanning. The system uses the AHP method to calculate the weight of the malicious code detection item and returns the test results to the security assessment system in order to quantify the security condition of the whole system.
Keywords/Search Tags: Detection of Malicious Code, Behaviour Characteristic, Extended Attack Trees, Classified Protection, Security Assessment