
Design And Implementation Of Malicious Code Analysis Platform

Posted on: 2017-04-05
Degree: Master
Type: Thesis
Country: China
Candidate: Q C Yu
GTID: 2308330485457968
Subject: Software engineering
Abstract/Summary:
The number and variety of malicious code samples are constantly increasing, and the problem already has the characteristics of big data. Faced with such a large volume of malicious code, traditional analysis tools struggle to be effective. The malicious code analysis process generates a large amount of log data, and at present there is no good solution for managing, searching and analyzing these logs. For the logs that malicious code analysis generates, this thesis designs and implements a malicious code analysis platform that uses big data techniques to mine direct links between samples and so improve the efficiency of malicious code analysis.

First, this thesis describes the background and significance of the malicious code analysis platform. It then introduces the functional and non-functional requirements analysis and puts forward a solution for the design of the system. The platform is based on Spark, Hive and Elasticsearch to achieve real-time data analysis, offline analysis and full-text search. It is divided into four layers: the acquisition layer, the big data layer, the business layer and the presentation layer. Logs are pushed into the acquisition layer by Kafka and, after extraction, cleaning and transformation, passed into the big data layer. The big data layer performs data analysis with Spark and provides services to the business layer. The business layer is a web service based on REST architecture, built with SpringMVC + Hibernate. The business layer interacts with the big data layer to provide sample analysis, sample search, report distribution, real-time statistics and other functions. It is the focus of this thesis.

The author participated in the following work:
(1) Participated in the construction of a highly available Hadoop cluster and Elasticsearch cluster.
(2) Designed the user authentication mode and implemented the user management module.
(3) Participated in the design and implementation of the e-mail distribution module.
(4) Participated in the design and implementation of the sample search function.
(5) Implemented the sample analysis module.

The system has completed testing. The modules designed and implemented by the author have been running normally.
Keywords/Search Tags:Elasticsearch, Data Warehouse, Spark