
Research On Static Detection Technology Based On Malicious Code API

Posted on: 2019-10-31
Degree: Master
Type: Thesis
Country: China
Candidate: W K Zhang
Full Text: PDF
GTID: 2428330572958969
Subject: Circuits and Systems
Abstract/Summary:
With the development of information technology, using computers for office work has become common for most people. At the same time, with the rapid development of online finance, the public has paid more and more attention to data security and privacy. However, malicious code, represented mainly by viruses and Trojans, constantly threatens people's data security. For now, the operating system most affected by malicious code is still Microsoft's Windows. Detection methods for malicious code are also constantly evolving, and finding a way to detect malicious code quickly and efficiently has long been an active research direction.

This thesis analyzes the key technologies used by malicious code for information acquisition, startup, and anti-detection. It applies the idea of dynamic behavior detection to static detection, and combines it with traditional static feature analysis methods to achieve fast and efficient detection of malicious code in a static environment. The thesis researches a static detection technology based on malicious code API usage on Windows; its main work is summarized as follows:

1. The idea of dynamic analysis is applied to static analysis, and an improved static feature analysis method for malicious code is proposed. Its main feature is the static analysis of behavioral features through the construction of a feature library. Through the analysis of the key technologies of malicious code in the earlier part of the thesis, the sensitive API features of malicious code are extracted. The method stores these sensitive API features in a feature library, which is used to match the API features of a sample during detection; the matching result is used as part of the sample's feature set. By adding this feature, the method combines the advantage of traditional behavior analysis for identifying unknown malicious code with the speed and safety advantages of static analysis.

2. A static detection model based on malicious code API was designed and implemented, and related performance tests were performed. Factors affecting the results, such as feature selection and classifier selection, are compared, and the performance of the designed model is tested. The result shows that the detection accuracy of this method on malicious code samples reaches 99.975%, about 2.2% higher than the best results of other static detection methods. Compared with dynamic analysis, batch analysis of 10,000 files with this method takes only 20% of the time that the dynamic analysis method needs for a single file. These tests verify the feasibility of the model.

Integrating these technologies, this thesis discusses the functionality and concealment of malicious code on Windows, analyzes the feasibility of static analysis of dynamic features through feature libraries, and the significance of introducing machine learning into malicious code detection. By studying the key technologies implemented by malicious code from the perspective of attack technology, the thesis discusses the significance of effective security detection.
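The following is an added illustration of the feature-library matching step described in the abstract; it is not the thesis author's code. It assumes the sample's imported API names have already been read from the PE import table (for example with a tool such as pefile) and are supplied as "DLL!function" strings. The behaviour groups, the API names in the library, and the sample import list are constructed for this example; the thesis's actual feature library and random forest classifier are not shown.

```python
"""Static sensitive-API feature extraction for malware triage (added example).

Each behaviour group in the feature library holds Windows API names that are
commonly treated as sensitive. A sample's import list is matched against the
library and the per-group hit counts become part of its feature vector, which
a classifier (the thesis uses a random forest) would then consume.
"""
from collections import OrderedDict

# Constructed feature library: behaviour group -> sensitive API names.
# The grouping is an illustration, not the thesis's own library.
FEATURE_LIBRARY = OrderedDict([
    ("process_injection", {"VirtualAllocEx", "WriteProcessMemory",
                           "CreateRemoteThread"}),
    ("persistence", {"RegSetValueExA", "RegSetValueExW", "CreateServiceA"}),
    ("anti_debug", {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}),
    ("network", {"InternetOpenA", "InternetOpenUrlA", "URLDownloadToFileA"}),
    ("file_drop", {"CreateFileA", "WriteFile"}),
])

# Order of columns in the numeric feature vector handed to a classifier.
VECTOR_COLUMNS = list(FEATURE_LIBRARY) + ["groups_hit", "total_imports",
                                           "sensitive_ratio"]


def parse_import(entry):
    """Split a 'DLL!function' string into (dll, function).

    API names are case-sensitive, so only the DLL part is lower-cased.
    """
    dll, _, func = entry.partition("!")
    return dll.lower(), func


def extract_features(imports):
    """Match a sample's imports against the feature library.

    Returns an ordered dict with one hit count per behaviour group plus
    three summary features: number of groups hit, number of distinct
    imports, and the fraction of imports that are in the library.
    """
    funcs = {parse_import(e)[1] for e in imports}  # distinct API names
    features = OrderedDict()
    matched = set()
    for group, apis in FEATURE_LIBRARY.items():
        hits = funcs & apis
        features[group] = len(hits)
        matched |= hits
    features["groups_hit"] = sum(1 for g in FEATURE_LIBRARY if features[g])
    features["total_imports"] = len(funcs)
    features["sensitive_ratio"] = (round(len(matched) / len(funcs), 3)
                                   if funcs else 0.0)
    return features


def to_vector(features):
    """Flatten the feature dict into the column order a classifier expects."""
    return [features[c] for c in VECTOR_COLUMNS]


# Constructed sample: the import list of a hypothetical PE file.
SAMPLE_IMPORTS = [
    "KERNEL32.dll!VirtualAllocEx",
    "KERNEL32.dll!WriteProcessMemory",
    "KERNEL32.dll!CreateRemoteThread",
    "KERNEL32.dll!IsDebuggerPresent",
    "USER32.dll!MessageBoxA",
    "MSVCRT.dll!printf",
]

if __name__ == "__main__":
    feats = extract_features(SAMPLE_IMPORTS)
    for name, value in feats.items():
        print(f"{name:18} {value}")
    print("vector:", to_vector(feats))
```

The per-group counts, rather than one flat "sensitive API present" flag, are what let a tree-based classifier separate, for instance, a benign installer that only touches the registry from a sample that combines injection and anti-debugging APIs; the ratio feature also guards against large benign binaries that import a handful of sensitive APIs among hundreds of ordinary ones.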
Keywords/Search Tags: malicious code, API features, random forest, static analysis