Research And Implementation Of Security Event Integrated Processing System For Malicious Code

Posted on: 2018-10-22
Degree: Master
Type: Thesis
Country: China
Candidate: D Li
GTID: 2348330542462876
Subject: Computer technology
Abstract/Summary:
In recent years, with the development of information and network technology, an increasing number of government departments and enterprises have established comprehensive business processing systems according to their actual needs, using the speed, efficiency, scalability and other advantages of such systems to create a visual, paperless office. Set in the malicious code security event management environment of the national computer virus emergency response center, this project designs and implements an integrated security event management system for malicious code, based on research related to malicious code prevention. The goal of malicious code analysis is usually to provide the information needed to respond to a network intrusion. One task is to obtain signatures of the malicious code, including host-based signatures and Web-based signatures, which are used to detect it. The emergence of advanced persistent threats (APT) requires not only analysis of the malicious activity of the code but also the ability to analyze the events and the intentions behind them, so as to provide the information required for security situation assessment.

The thesis first gives the definition and classification of malicious code, then describes the objectives and methods of malicious code analysis and analyzes the advantages and disadvantages of these methods. On this basis, according to the application environment and analysis needs of the malicious code analysis system, it sets out the research target and main research content of the thesis: to provide users with a malicious code analysis system that extracts the attack objects and communication features of malicious code, provides a blacklist for NBOS, provides a basis for the correlation analysis of CHAIRS, provides a new source of rules for MONSTER, and supports the security of the CERNET backbone network. Secondly, the system requirements are analyzed from the aspects of static analysis, dynamic analysis and network behavior analysis. Based on this requirements analysis, the structure of the system is designed, including a malicious code analysis module, a communication object extraction module and a communication feature extraction module. Next, the thesis introduces the implementation of the malicious code analysis module, the implementation of communication object extraction, the design and management of blacklists, and, with typical examples, a study of communication feature extraction for malicious code. Finally, the key problems in the system are described, including task management, data management and results management. A user interface based on the B/S model is implemented according to the system's user interface needs, and the end result is a sample-focused system for malicious code analysis and communication feature extraction.
Keywords/Search Tags:Malicious code, Emergency communications, Characteristics of the virus, B/S Architecture