Research And Implementation Of Software Behavior Verification Method Based On System Call

In the current context,with the increasingly close integration of information technology and people's life,the security issues of information technology have a greater impact on people than before.Problems such as network attacks,information leaks,and software defects often cause huge losses.Hence,the trusted computing is proposed to improve the security of the entire information system by guaranteeing the hardware and software security of the terminal system.At present,trusted computing technology has tremendous advantages in ensuring the hardware security of computer platform.However,due to the complexity of software operation,trusted computing technology does not form a feasible standard in terms of ensuring the integrity of software behavior.This thesis studies the current existing software dynamic behavior model.Aiming at the shortcomings of the current trusted computing technology in trusted software development,a measurement model of software behavior integrity is proposed,which is an improvement of the traditional sequential model,and has greatly improved the ability to mine software behavior and the accuracy of verification.This thesis designs a remote verification system for software behavior integrity,which expands software trustworthiness from platform to network in order to form a trusted network environment.Specific research contents are as follows.(1)Research on software behavior model.In the software behavior models which based on system call,sequence model has obvious advantages in the speed of data processing and detection,but the traditional sequence model has disadvantages in model description.This thesis proposes HMM-CBOW model.In HMM-CBOW model,the process of building software behavior based on system call is analogous to that of natural language processing.Through HMM algorithm,accurate software behavior is mined and the relationship between software behaviors is established by using CBOW model.Through experiments,we find that the method of using HMM model to generate normal behavior sets of software has higher behavior coverage and greater model accuracy than traditional N-gram model and improved Var-gram model.(2)Research on remote verification scheme of software integrity.In this thesis,a software integrity remote verification framework is designed based on trusted platform module.In view of the time-consuming training of HMM-CBOW model,the framework adopts offline training and online monitoring.The framework contains detailed implementation methods of software behavior extraction,storage,report and measurement,making full use of the three functions provided by TPM(trusted storage,trusted measurement and trusted report)to expand the trusted network connection verification part from hardware to software verification platform.According to the scheme,this thesis realizes the remote verification system.The system realizes the designed function and has the advantages of small client overhead and fast detection speed.Finally,this thesis summarizes the work proposed in this thesis,and puts forward the direction of further research on defects of HMM-CBOW model and remote verification system.