Research on Malicious Code Detection Techniques and a Defence Model for Virtual Environments
Topic: malicious code detection + Gaussian mixture model; Source: Xi'an University of Architecture and Technology, 2014 master's thesis
[Abstract]: With the continued growth of information networks, cloud computing is now used across every industry, and the cloud security problems that come with it have become a major obstacle to its further expansion. Internet security reports from recent years show that economic losses caused by malicious code attacks account for a considerable share of the total, that the destructiveness and infectiousness of malicious code keep increasing, and that its reach is expanding rapidly. This not only poses a serious threat to user data security but also exposes enterprises and nations to potentially huge economic losses, which makes research on malicious code detection techniques and defence models for virtual environments especially important. The main work of the thesis is as follows:
(1) Data-mining clustering and classification algorithms are studied in depth. A Gaussian mixture model (GMM) is used to cluster the abnormal behaviours submitted by the system, and a hierarchical detection mechanism is proposed. To improve clustering precision, Kullback-Leibler (K-L) divergence is introduced to measure the difference between models; within each cluster, two complementary feature extraction algorithms, information gain and document frequency, are combined for feature selection, and a classifier designed on a support vector machine (SVM) outputs the final result.
(2) Building on existing host-based and network-based malicious code detection mechanisms, a malicious code defence model for virtual environments is constructed. It adopts signature-based and behaviour-based detection and deploys mechanisms for integrated anomaly information, logging and alerting, synchronized response, and risk-handling strategies, so as to defend against malicious code in the virtual environment.
(3) To detect abnormal behaviours that the client cannot classify on its own, a malicious code detection algorithm for client-to-cloud interaction requests is proposed: the behaviours the client cannot decide are submitted to the cloud for deeper inspection.
(4) The behavioural structure of actively propagating malicious code is analysed and a malicious code behaviour propagation tree is constructed; abnormal behaviours that the cloud cannot detect are returned to the user through a propagation-path reconstruction mechanism, and the user makes the final judgement.
Finally, the virtual environment is simulated on the extended cloud computing simulation platform CloudSim, and system experiments are carried out in combination with deployment and computation in a physical environment. The results show that the proposed detection method and defence model maintain good performance in malicious code detection rate and accuracy, and can to some extent effectively defend against malicious code attacks from the network.
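As an added illustration of the step (1) pipeline, the following Python computes the two complementary feature scores the abstract names, information gain (IG) and document frequency (DF), over a small set of behaviour records, and the closed-form K-L divergence between two diagonal Gaussian components of the kind a GMM produces, in its symmetrised form so it can serve as a distance between clusters. This is example code written for this page, not code from the thesis; the feature names, records, thresholds and the IG-then-DF ranking rule are all constructed assumptions, and the abstract does not say how the thesis combines the two scores.

```python
import math
from collections import Counter

# Constructed behaviour records: (set of behaviour features observed, label).
# label 1 = abnormal, 0 = benign. Feature names are invented for the example.
SAMPLES = [
    ({"reg_autorun", "net_connect", "file_write"}, 1),
    ({"reg_autorun", "proc_inject"}, 1),
    ({"net_connect", "proc_inject"}, 1),
    ({"file_write"}, 0),
    ({"net_connect", "file_write"}, 0),
    ({"file_write"}, 0),
]


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def document_frequency(samples):
    """DF: number of records in which each feature occurs."""
    df = Counter()
    for feats, _ in samples:
        df.update(feats)
    return dict(df)


def information_gain(samples):
    """IG of each binary (present/absent) feature with respect to the label."""
    labels = [y for _, y in samples]
    base = entropy(labels)
    n = len(samples)
    ig = {}
    for f in document_frequency(samples):
        present = [y for feats, y in samples if f in feats]
        absent = [y for feats, y in samples if f not in feats]
        cond = len(present) / n * entropy(present) + len(absent) / n * entropy(absent)
        ig[f] = base - cond
    return ig


def select_features(samples, min_df=2, top_k=3):
    """Combine the two scores (assumed rule): drop features rarer than min_df
    by DF, then rank the rest by IG, breaking ties by DF and then by name."""
    df = document_frequency(samples)
    ig = information_gain(samples)
    kept = [f for f in ig if df[f] >= min_df]
    kept.sort(key=lambda f: (-ig[f], -df[f], f))
    return kept[:top_k]


def kl_diag_gaussian(mu_p, var_p, mu_q, var_q):
    """KL(p || q) in nats for diagonal Gaussians, closed form per dimension:
    0.5 * (log(var_q/var_p) + (var_p + (mu_p - mu_q)^2) / var_q - 1)."""
    kl = 0.0
    for mp, vp, mq, vq in zip(mu_p, var_p, mu_q, var_q):
        kl += 0.5 * (math.log(vq / vp) + (vp + (mp - mq) ** 2) / vq - 1.0)
    return kl


def symmetric_kl(mu_p, var_p, mu_q, var_q):
    """KL is asymmetric; a clustering distance between two GMM components
    needs the symmetrised value KL(p||q) + KL(q||p)."""
    return kl_diag_gaussian(mu_p, var_p, mu_q, var_q) + kl_diag_gaussian(
        mu_q, var_q, mu_p, var_p
    )


if __name__ == "__main__":
    print("IG:", information_gain(SAMPLES))
    print("DF:", document_frequency(SAMPLES))
    print("selected:", select_features(SAMPLES))
    print("sym-KL N(0,1) vs N(1,1):", symmetric_kl([0.0], [1.0], [1.0], [1.0]))
```

On the constructed records, net_connect occurs often (high DF) but splits the labels almost evenly, so its IG is low and it is dropped; file_write has both a high DF and a high IG and ranks first. That is the complementarity the abstract relies on: DF alone would keep net_connect, IG alone would keep rare but informative features that DF filters out as unreliable.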
[Degree-granting institution]: Xi'an University of Architecture and Technology
[Degree level]: Master's
[Year conferred]: 2014
[Classification number]: TP393.08
Record number: 1879873
Page link: https://www.wllwen.com/guanlilunwen/ydhl/1879873.html