
Design And Implementation Of Malicious Code Behavior Monitoring And Analysis System

Posted on: 2019-04-11
Degree: Master
Type: Thesis
Country: China
Candidate: J Xie
Full Text: PDF
GTID: 2428330545452121
Subject: Software engineering
Abstract/Summary:
With the development of information technology and the spread of the Internet, people have become increasingly dependent on the Internet. Networks bring convenience, but they also bring all kinds of security problems. Among these, highly harmful malicious code has caused huge security threats and economic losses to individuals, organizations and national governments. For this reason, many researchers at home and abroad have studied malicious code. Based on dynamic monitoring of malicious code, this thesis captures malicious code behavior information, analyzes the behavior semantics, raises warnings for abnormal behavior, and manages the information through visualization.

This thesis first describes the background and development status of malware analysis systems, then sets out the functional and non-functional requirements of the system based on the characteristics of the product and its users, and gives the design and implementation of the system. The system is composed of a monitoring subsystem and a visualization subsystem. The monitoring subsystem uses API Hook and SSDT Hook techniques and a decision-tree-based analysis algorithm to monitor process, file, network and registry operations on the computer and to recognize ten kinds of abnormal behavior. The visualization subsystem builds a RESTful Web service on the SpringMVC and MyBatis frameworks and implements warnings for abnormal behaviors and the management of warning information, host information, user information and log information.

The author participated in the following work: (1) design and implementation of the monitoring of file and process operations; (2) participation in the design and implementation of the log analysis and the analysis module for ten abnormal behaviors; (3) design and implementation of the visualization subsystem's business logic; (4) participation in the design and implementation of the database and UI.

The test results show that the system can effectively capture, analyze and warn of the abnormal behavior of malicious code, and that it performs well in behavior monitoring, analysis and information management, meeting the needs of users.
Keywords/Search Tags:Information management, Malicious code, Behavior monitoring, Abnormal behavior analysis