
Research On Malicious Code Detection Method Based On Non-packets-reducing

Posted on: 2015-05-16
Degree: Master
Type: Thesis
Country: China
Candidate: Y M Shu
Full Text: PDF
GTID: 2308330473950374
Subject: Software engineering

Abstract/Summary:
When the object being examined is a single file, host-based detection systems have greater detection capability, but each detection device is too expensive to operate and is not easy to deploy across a large network environment. In practice, network-based detection systems have broader application scenarios and can be deployed onto more network nodes. For this reason, enhancing the detection capability of a single device in a network-based malicious code detection system lets the system perform better against malicious code intrusions and achieve better results in network security defense. A network-based malicious code detection system has a large number of front-end detection devices, but they are relatively low-end and have a low unit cost. Unlike a host, they cannot restore (reassemble) the data captured from the network traffic flow; even where they can, restoration is time-consuming, and once processing speed fails to keep up with network traffic, a large number of intercepted data packets are lost. Current network-level malicious code detection systems can only match against rules for behavior patterns. What they detect is either the malicious behavior of malware already planted in the network segment or attacks directed inward from the external network; unlike a host, they cannot detect the process by which a virus is planted.
If the advantages of both are combined, so that the file detection function of the host is applied to the analysis of network data packets, a virus can be detected during the planting process. Because of the limitation mentioned above, front-end devices cannot restore the data, so it is of major significance for the front end of the detection system to be able to judge whether a packet carries malicious code without reassembling packets. Under the condition that data packets are not restored, matching features directly against the contents of a single packet and generating an alarm for suspicious packets can significantly enhance the malicious code detection capability of the front-end devices of a network-based detection system, and ultimately achieves the goal of detecting the anomaly while the virus is spreading. The most critical technical difficulty in implementing this scheme is designing a signature scanning detection engine suited to malicious code detection without packet restoration. The key points of the engine include the selection of signatures, the construction of signatures, and an efficient feature matching algorithm. A variety of related signature scanning technologies already exist, but their application scenario is host-based malicious code detection systems. The signatures these technologies select are generally long, and they are not held to strict requirements on matching rate. If they are applied mechanically in a network environment, signatures are likely to be truncated, and the matching efficiency of the system will be insufficient, causing problems such as large numbers of dropped packets. This thesis focuses on the research, design and implementation of signature scanning techniques applicable to a malicious code detection system that works without packet restoration, develops and implements the key parts of the system, and finally tests and validates it.
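
The signature truncation problem described in the abstract, shown as an added example that is not code from the thesis. The signatures, payload size and sample stream are constructed, and plain substring search stands in for the thesis's matching algorithm, which this page does not describe.

```python
"""Per-packet signature scan without stream reassembly (constructed demo)."""
from __future__ import annotations

MSS = 64  # small constructed payload size so the sample stays readable

# Constructed signatures: SHORT_SIG is an 8-byte slice of the 40-byte LONG_SIG.
LONG_SIG = bytes(range(0xA0, 0xC8))   # 40 bytes, a long host-style signature
SHORT_SIG = LONG_SIG[:8]              # 8 bytes, sized for single-packet matching
SIGNATURES = {"long": LONG_SIG, "short": SHORT_SIG}

def segment(stream: bytes, mss: int = MSS) -> list[bytes]:
    """Split a byte stream into packet payloads of at most mss bytes."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]

def scan_packet(payload: bytes, signatures: dict[str, bytes]) -> set[str]:
    """Names of the signatures fully contained in this one payload."""
    return {name for name, sig in signatures.items() if sig in payload}

def scan_per_packet(packets, signatures=SIGNATURES) -> dict[str, list[int]]:
    """Front-end view: every packet is judged on its own contents."""
    hits: dict[str, list[int]] = {}
    for index, payload in enumerate(packets):
        for name in scan_packet(payload, signatures):
            hits.setdefault(name, []).append(index)
    return hits

def scan_reassembled(packets, signatures=SIGNATURES) -> set[str]:
    """Host-style baseline: restore the stream first, then scan it."""
    return scan_packet(b"".join(packets), signatures)

def straddle_probability(sig_len: int, mss: int) -> float:
    """Chance a signature crosses a packet boundary, assuming its start
    offset is uniform over the payload and sig_len <= mss."""
    return (sig_len - 1) / mss

def sample_stream(sig_offset: int) -> bytes:
    """Constructed transfer: zero filler with LONG_SIG placed at sig_offset."""
    return b"\x00" * sig_offset + LONG_SIG + b"\x00" * 50

if __name__ == "__main__":
    packets = segment(sample_stream(sig_offset=50))  # LONG_SIG spans bytes 50..89
    print("per-packet :", scan_per_packet(packets))
    print("reassembled:", sorted(scan_reassembled(packets)))
    for name, sig in SIGNATURES.items():
        print(name, f"{straddle_probability(len(sig), 1460):.4f}")
```

With the signature placed across the boundary at byte 64, the per-packet scan reports only the short signature, while the reassembled baseline reports both.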
Keywords/Search Tags: malicious code, virus detection, without recombination