基于行为监控的木马检测系统研究与实现

发布时间：2018-06-04 07:16

本文选题：木马检测 + 行为监控　；参考：《北京邮电大学》2014年硕士论文

【摘要】：随着Internet技术的快速发展和计算机网络应用的越来越广泛,网络在给人民大众的生活带来极大便利的同时也带来了各种各样的安全问题,其中木马程序随着网络的发展开始在网络中泛滥,破坏计算机系统,已经越来越成为广大网民面临的最大的网络危害之一,因此研究如何快速高效的检测出新的木马程序有较为重要的意义。本文通过分析研究网络中流行木马程序的运行过程,对木马程序在植入阶段、运行阶段、联网阶段和自我防护阶段常见的行为特征进行了分析和和总结,以此为基础,提出一种通过木马程序的特征行为构建出木马攻击树并结合基于三角模糊数TOPSIS的模糊优选评价模型实现木马判断的木马检测方法,最后实现了木马检测系统。本文主要做了以下一些工作： (1)对当前流行的木马技术和木马检测技术进行了分析研究。对相关的木马检测技术进行了介绍并总结了其优缺点,其中重点介绍了基于行为监控的木马检测技术。 (2)设计了一种基于行为监控和三角模糊数TOPSIS的木马检测方法：通过对可疑程序的运行进行行为监控从而捕获到可疑程序的行为特征,将获取到的可疑程序的行为特征与已提取的木马程序的典型行为特征进行比较和匹配,然后构建木马攻击树并结合基于三角模糊数TOPSIS评价模型实现木马行为判断。 (3)依据基于行为监控的木马检测方法的理论设计了基于行为监控的木马检测系统的框架,并详细描述了基于行为监控的木马检测系统各模块的具体实现原理,最后对该木马检测系统进行了实验。
[Abstract]:With the rapid development of Internet technology and the wide application of computer network, the network not only brings great convenience to people's life, but also brings a variety of security problems. With the development of the network, Trojan horse programs have begun to overflow in the network and destroy computer systems, which has become one of the greatest network hazards faced by the vast number of Internet users. So it is very important to study how to detect the new Trojan program quickly and efficiently. Through analyzing and studying the running process of the popular Trojan horse program in the network, this paper analyzes and summarizes the common behavior characteristics of the Trojan horse program in the implantation stage, the running stage, the network stage and the self-protection stage. This paper presents a Trojan horse detection method based on the characteristic behavior of Trojan horse program to construct Trojan horse attack tree and combine fuzzy optimal evaluation model based on triangular fuzzy number TOPSIS to realize Trojan horse judgment. Finally, the Trojan horse detection system is implemented. The main work of this paper is as follows: The current popular Trojan horse technology and Trojan horse detection technology are analyzed and studied. This paper introduces the relevant Trojan horse detection technology and summarizes its advantages and disadvantages, especially the Trojan horse detection technology based on behavior monitoring. (2) A Trojan horse detection method based on behavior monitoring and triangular fuzzy number TOPSIS is designed. By monitoring the behavior of suspicious programs, the behavior characteristics of suspicious programs are captured. The behavior characteristics of the acquired suspicious programs are compared and matched with the typical behavior features of the extracted Trojan programs. Then the Trojan horse attack tree is constructed and the Trojan horse behavior judgment is realized based on the triangular fuzzy number TOPSIS evaluation model. According to the theory of Trojan horse detection method based on behavior monitoring, the framework of Trojan horse detection system based on behavior monitoring is designed, and the realization principle of each module of Trojan horse detection system based on behavior monitoring is described in detail. Finally, the Trojan horse detection system was tested.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【相似文献】