
Research On QEMU-based Malware Behavior Detection

Posted on: 2017-02-11
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Jiang
Full Text: PDF
GTID: 2428330590468332
Subject: Electronic and communication engineering
Abstract/Summary:
Internet technology brings great convenience to daily life, but it also eases the production and spread of malware, which poses a serious threat to the security of information systems. With the development of virtualization technology, using virtual machines to detect malware has become a popular approach among researchers. This thesis studies program behavior analysis and detection built on the virtual machine monitor. By instrumenting the virtual machine monitor, low-level information about the running guest operating system can be obtained from outside the guest; from the captured information, a comprehensive method for analyzing program behavior is presented to protect the resources of a computer system, and on that basis malware and its malicious behaviors are detected. First, the thesis introduces QEMU, its related technologies, and existing detection methods based on program behavior. Second, it studies a QEMU-based program behavior detection model that captures and/or reconstructs process behavior information, including runtime memory data, basic kernel events, disk files and network data. The C4.5 algorithm is then used to build a decision tree over the captured behavior data and decide whether a program is malicious. Based on this model, a malware behavior monitoring and detection system is designed and implemented and used to detect real malware samples. Experimental results show that the proposed model and its detection system can accurately and effectively detect malicious behaviors.
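The abstract describes two stages: behavior records reconstructed from the monitored guest, and a C4.5 decision tree that labels each program from those records. The following is an added example, not code from the thesis or its detection system, showing the second stage on the kind of data the first stage would produce. It implements C4.5's gain-ratio criterion with numeric thresholds and trains on a constructed set of per-process event counts; the event names, feature set, sample values and labels are all assumptions made for illustration.

```python
"""Added example (not from the thesis): a minimal C4.5-style decision tree over
constructed per-process behaviour counts of the kind a QEMU-based monitor could
reconstruct (file, network, kernel and memory events). Feature names, event
names, sample values and labels are assumptions, not measurements."""
import math
from collections import Counter

# Feature vector layout: one event count per monitored process.
FEATURES = ("file_writes", "net_connections", "process_injections", "registry_autoruns")
EVENT_TO_FEATURE = {"file_write": 0, "net_connect": 1, "process_inject": 2, "autorun_set": 3}

# Constructed training set: (feature tuple, label). Not real data.
SAMPLES = [
    ((3, 0, 0, 0), "benign"),
    ((12, 1, 0, 0), "benign"),
    ((1, 2, 0, 0), "benign"),
    ((40, 0, 0, 0), "benign"),      # installer-like: many writes, no injection
    ((5, 1, 0, 1), "benign"),       # legitimate autorun entry
    ((60, 8, 1, 1), "malicious"),
    ((2, 15, 0, 1), "malicious"),   # beaconing, no injection
    ((30, 3, 2, 0), "malicious"),
    ((0, 20, 1, 0), "malicious"),
    ((8, 2, 1, 1), "malicious"),
    ((25, 1, 1, 0), "malicious"),
]

def featurize(events):
    """Collapse a monitor's event stream for one process into a count vector."""
    counts = [0] * len(FEATURES)
    for kind, _detail in events:
        idx = EVENT_TO_FEATURE.get(kind)
        if idx is not None:          # ignore event kinds the model does not use
            counts[idx] += 1
    return tuple(counts)

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def split(rows, attr, thr):
    left = [r for r in rows if r[0][attr] <= thr]
    right = [r for r in rows if r[0][attr] > thr]
    return left, right

def gain_ratio(rows, attr, thr):
    """C4.5 criterion: information gain divided by split information, which
    penalises splits that shatter the data into many small subsets."""
    left, right = split(rows, attr, thr)
    if not left or not right:
        return 0.0
    n = len(rows)
    parent = entropy([lab for _, lab in rows])
    cond = sum(len(s) / n * entropy([lab for _, lab in s]) for s in (left, right))
    split_info = -sum(len(s) / n * math.log2(len(s) / n) for s in (left, right))
    return (parent - cond) / split_info

def best_split(rows):
    best = (0.0, None, None)         # (gain ratio, attribute index, threshold)
    for attr in range(len(FEATURES)):
        values = sorted({r[0][attr] for r in rows})
        # C4.5 handles numeric attributes by testing midpoints between observed values
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            gr = gain_ratio(rows, attr, thr)
            if gr > best[0]:
                best = (gr, attr, thr)
    return best

def build_tree(rows, depth=0, max_depth=4):
    """Return a leaf label or a node (attr, threshold, left_subtree, right_subtree)."""
    labels = [lab for _, lab in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth >= max_depth:
        return majority
    _gr, attr, thr = best_split(rows)
    if attr is None:                 # no split improves purity: stop here
        return majority
    left, right = split(rows, attr, thr)
    return (attr, thr, build_tree(left, depth + 1, max_depth),
            build_tree(right, depth + 1, max_depth))

def classify(tree, features):
    while not isinstance(tree, str):
        attr, thr, left, right = tree
        tree = left if features[attr] <= thr else right
    return tree

def accuracy(tree, rows):
    return sum(classify(tree, f) == lab for f, lab in rows) / len(rows)

if __name__ == "__main__":
    tree = build_tree(SAMPLES)
    print(tree)
    # Constructed event stream for one unseen process, as a monitor might emit it.
    events = [("file_write", "C:\\Users\\u\\AppData\\Local\\Temp\\x.tmp"),
              ("net_connect", "198.51.100.7:443"),
              ("process_inject", "explorer.exe"),
              ("autorun_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run")]
    print(featurize(events), "->", classify(tree, featurize(events)))
```

The learned tree is a nested tuple that can be read as rules (here it splits first on process injections, then on network connections), which is the property that makes a decision tree attractive for this task: an analyst can audit why a process was flagged. The model is only as good as the event coverage of the monitor feeding it, so the feature set must be chosen from what the virtual machine monitor can actually observe.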
Keywords/Search Tags: virtual machine monitor, QEMU, program behavior, C4.5 decision tree