
Research And Implementation Of Malicious Code Detection System

Posted on: 2016-07-09
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Deng
Full Text: PDF
GTID: 2308330461987430
Subject: Software engineering
Abstract/Summary:
As the Internet continues to develop, malicious code technology advances with it, and the harm that malicious code does to network security has grown into a serious problem in recent years. To improve the detection results of network security protection systems against malicious code, this thesis analyses the form and characteristics that malicious code exhibits in network traffic and, combining this with an improved multiple sequence alignment algorithm, designs and implements a malicious code behaviour monitoring system based on network communication behaviour.

Although there are many kinds of malicious code, each has corresponding features in the way it propagates over the network, and most network attacks carried out by malicious code follow certain rules. Remote control Trojans and bots, for example, carry unique identifying code, and their feature extraction methods are similar, whereas the features of web backdoors are different. Attacks that are obfuscated or relayed through an intermediate host are hard to identify, which makes it difficult to decide during pairwise analysis whether the traffic is a malicious attack or not. A protocol whitelist is therefore added for protocol analysis: if the traffic is a normal protocol, it is filtered out directly without being matched, which greatly reduces the system's memory usage.

To this end, the following studies were carried out. First, the current mainstream techniques for extracting the network features of malicious code are surveyed, covering the features these techniques target, their process, their implementation and the results they achieve; comparing the different network feature extraction methods and using them in combination provided significant help for the design of the system presented here. Second, the types of malicious code and their communication principles are examined: the working principle and communication technology of Trojans are analysed, and methods for extracting features of Trojans' network behaviour are discussed.

Next, single-pattern and multi-pattern matching algorithms are studied in order to choose an extraction algorithm suited to the traffic features of Trojans. Applying single-pattern matching alone drives memory usage so high that system performance drops sharply, whereas combining single-pattern with multi-pattern matching lowers memory usage and improves performance considerably. Different malicious code shows corresponding characteristics as it propagates through the network, and the feature extraction methods differ accordingly. This thesis focuses on feature extraction for remote control Trojans, bot Trojans and web backdoors. Remote control Trojans and bot Trojans are handled similarly, mainly by extracting special data segments at the transport layer. Web backdoors are handled differently, in two steps: first the special fields inside the request are obtained, then the whole packet is analysed. The thesis covers the Trojan feature extraction technology, the capture process, the detection algorithm and the detection system, and tests them on real, high-volume network traffic to confirm the detection system's accuracy, reliability, stability and results.
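An added illustration (not part of the thesis, and not its algorithm) of the two mechanisms the abstract describes working together: a protocol whitelist that drops recognisably normal traffic before any matching is attempted, and a multi-pattern matcher run once over the transport-layer payload of every remaining packet. Aho-Corasick is assumed here as the multi-pattern algorithm; the signatures, whitelist rules and packets are constructed for the example and are neither the thesis's rules nor real malware indicators.

```python
"""Added illustration: protocol whitelist pre-filter in front of Aho-Corasick
multi-pattern matching over transport-layer payloads.

Signatures, whitelist rules and packets are constructed for this example and
are not the thesis's own rules or real malware indicators."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass
class Packet:
    """Minimal stand-in for a captured TCP segment: destination port plus payload."""
    dport: int
    payload: bytes


# Hypothetical byte signatures keyed by the name reported in alerts.
SIGNATURES: Dict[str, bytes] = {
    "rat-beacon": b"\x00\x10CMD|ONLINE|",  # fixed header of a fictional remote-control Trojan
    "bot-join": b"JOIN #botnet",           # IRC-style channel join of a fictional bot
    "web-shell": b"cmd=whoami",            # parameter abused by a fictional web backdoor
}

# Whitelist: (destination port, payload prefix). A packet matching a rule is
# treated as a known-normal protocol and never reaches the matcher. The prefix
# check matters: port alone would let an attacker hide behind a "normal" port.
WHITELIST: List[Tuple[int, bytes]] = [
    (443, b"\x16\x03"),  # TLS record header (handshake record, version 3.x)
    (22, b"SSH-2.0-"),   # SSH version banner
]


class AhoCorasick:
    """Classic Aho-Corasick automaton over bytes; one pass per payload."""

    def __init__(self, patterns: Dict[str, bytes]) -> None:
        self.goto: List[Dict[int, int]] = [{}]
        self.fail: List[int] = [0]
        self.out: List[List[Tuple[str, int]]] = [[]]  # (name, pattern length)
        for name, pat in patterns.items():
            node = 0
            for b in pat:
                if b not in self.goto[node]:
                    self.goto[node][b] = len(self.goto)
                    self.goto.append({})
                    self.fail.append(0)
                    self.out.append([])
                node = self.goto[node][b]
            self.out[node].append((name, len(pat)))
        # Breadth-first pass: compute failure links and merge inherited outputs.
        queue = deque(self.goto[0].values())  # depth-1 nodes fail to the root
        while queue:
            cur = queue.popleft()
            for b, nxt in self.goto[cur].items():
                queue.append(nxt)
                f = self.fail[cur]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[nxt] = self.goto[f].get(b, 0)
                self.out[nxt] = self.out[nxt] + self.out[self.fail[nxt]]

    def search(self, data: bytes) -> Iterator[Tuple[str, int]]:
        """Yield (signature name, start offset) for every occurrence in data."""
        node = 0
        for i, b in enumerate(data):
            while node and b not in self.goto[node]:
                node = self.fail[node]
            node = self.goto[node].get(b, 0)
            for name, plen in self.out[node]:
                yield name, i - plen + 1


def is_whitelisted(pkt: Packet) -> bool:
    """True when port and payload prefix both identify a known-normal protocol."""
    return any(pkt.dport == port and pkt.payload.startswith(prefix)
               for port, prefix in WHITELIST)


def scan(packets: List[Packet], matcher: Optional[AhoCorasick] = None
         ) -> Tuple[List[Tuple[int, str, int]], int]:
    """Return ([(packet index, signature, payload offset), ...], packets skipped by whitelist)."""
    matcher = matcher or AhoCorasick(SIGNATURES)
    alerts: List[Tuple[int, str, int]] = []
    skipped = 0
    for idx, pkt in enumerate(packets):
        if is_whitelisted(pkt):
            skipped += 1          # filtered directly, no matching cost
            continue
        for name, offset in matcher.search(pkt.payload):
            alerts.append((idx, name, offset))
    return alerts, skipped


# Constructed sample traffic (not a real capture).
SAMPLE_PACKETS = [
    Packet(443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),  # TLS ClientHello start
    Packet(8080, b"\x00\x10CMD|ONLINE|host=WIN-7"),               # fictional RAT beacon
    Packet(6667, b"NICK bot123\r\nJOIN #botnet\r\n"),               # fictional bot join
    Packet(80, b"POST /img/x.php HTTP/1.1\r\n\r\ncmd=whoami"),      # fictional web shell
    Packet(22, b"SSH-2.0-OpenSSH_8.9\r\n"),                         # SSH banner
    Packet(443, b"JOIN #botnet over 443, no TLS header"),           # evades a port-only whitelist
]

if __name__ == "__main__":
    found, skipped = scan(SAMPLE_PACKETS)
    print(f"skipped {skipped} whitelisted packets")
    for idx, name, off in found:
        print(f"packet {idx}: {name} at payload offset {off}")
```

Two points this makes concrete. The automaton is built once and each payload is scanned in a single pass regardless of how many signatures are loaded, which is the memory and speed argument for multi-pattern matching. The whitelist, on the other hand, removes packets from inspection entirely, so its rules must be tight: the last sample packet rides on port 443 but lacks a TLS record header, and it is only caught because the rule keys on port and prefix together rather than on the port alone.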
Keywords/Search Tags: malware detection, network packet capture, pattern matching, feature extraction