
Demand Malicious Code Analysis And Anomaly Detection System Architecture Design

Posted on: 2014-12-02
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Huang
GTID: 2268330425475316
Subject: Software engineering
Abstract/Summary:
Anomaly detection of malicious code can improve the efficiency of a malicious code detection engine, find unknown malicious code, and decrease detection time. Because of these advantages, the technology has recently become a popular field of research for information security companies, large-scale data processing enterprises, network operators, and data service providers, and it is commonly used in network intrusion detection, virus prevention, and computer crime forensics. Techniques for extracting malicious code anomaly detection rules will become a focus of current industry and research, with far-reaching significance in both theory and practice.

This thesis discusses the definition and classification of malicious code, and explains how malicious code works and the principles of malicious code detection technologies: host-based and network-based, characteristic-based and anomaly-based. The thesis describes a common architecture of a malicious code detection system.

The thesis describes association analysis in the field of malicious code detection, and presents the requirements analysis and architecture design of a malicious code detection system based on anomaly-based detection rules. The association analysis algorithm used in this thesis is Apriori, which was invented by Rakesh Agrawal and Ramakrishnan Srikant in 1993.

Finally, this thesis uses two kinds of simulation experiments to demonstrate the validity and practicality of the malicious code detection system in a telecommunications network environment.
Keywords/Search Tags:Anomaly Detection, Malcode, Association Analysis, Apriori