Research on CFG-based detection of malicious program variants
Date: 2018-09-11 11:03  Source: graduation thesis  Author: graduation thesis
Abstract

Static detection of malicious program variants plays an important role in improving system security. Using the control flow graph (CFG) is an important static-detection method, and the CFG has been shown to be an effective representation of the features of polymorphic malware instances. To detect malware variants, this thesis uses a CFG-based detection method and divides the whole process into three clear parts: malware detection, CFG acquisition and drawing, and CFG-based comparison. In malware detection, the thesis summarizes the dangerous behaviours unique to malware, derives a risk coefficient for a program from them, and uses that coefficient to decide whether the program is malicious. When a program to be examined is obtained, its basic information is read from the file list, its methods are located, a signature is generated for each method, and the corresponding CFG is drawn. The CFG images of known malware and of the program under examination are then compared for similarity to determine whether the program is a malware variant. In the system visualization, the thesis shows an overview of an Android program's information and the CFG image of each of its methods. The CFG images are drawn with GraphViz and the user interface is implemented with SWT, which presents the analysis process more clearly. The visible CFG images make the comparison between two programs easy to understand and the comparison process more intuitive. The system was tested on a number of samples and can detect ordinary malicious APKs. As Android-based technology develops, system security will draw more attention, and research on virus variants will become increasingly valuable.

Keywords: malware, variants, static detection, CFG, GraphViz

Graduation thesis (design description) foreign-language abstract

Title: Design of malware detection system based on CFG

Abstract

Static detection of polymorphic malware variants plays an important role in improving system security. Using the control flow graph is an important static detection method, and the CFG has been shown to be an effective characteristic representing polymorphic malware instances. In order to detect malware variants, we use a detection method based on CFG and divide the whole process clearly into three parts: malware detection, CFG acquisition and drawing, and comparison based on CFG. In malware detection we summarize the risk behaviour unique to malicious programs, determine the risk of a program from it, and decide whether the program is malicious. When a program to be examined is received, we obtain its basic information from the file list, find its methods, generate a signature for each method, and draw the corresponding CFG. By comparing the CFG images of known malicious programs with those of the program under test for similarity, we determine whether it is a malware variant. In the system visualization, we show the information overview of a program and the CFG image of each method. CFG images are drawn with GraphViz and the program interface is built with SWT, which makes the analysis process clearer. Visible CFG images help us easily understand the comparison between two programs and make the process more intuitive. The system was tested on a number of samples and can detect ordinary virus APKs. With the development of Android-based technology, system security will become a focus for more people, and research on virus variants will produce more and more value.

Keywords: malware, variants, static detection, CFG, GraphViz

Contents

Abstract 3
1 Introduction 1
1.1 Thesis background 1
1.2 Research significance 2
1.3 Research content 2
1.4 Thesis organization 3
2 Definition, classification and detection process of malicious programs 4
2.1 Definition of malicious programs 4
2.2 Classification of malicious programs 4
2.3 Relationship between malicious programs and their variants 5
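The per-method signature, CFG similarity and GraphViz drawing steps described in the abstract, as an added illustration that is not the thesis's own code. The thesis does not state which signature or similarity function it used; the degree-pair signature, the multiset Jaccard score, the best-match averaging and the sample CFGs below are assumptions constructed for this example.

```python
# Added example, not the thesis's code. The signature scheme, the Jaccard-style
# score and the sample CFGs are assumptions constructed for illustration.
from collections import Counter
from typing import Dict, List, Tuple

CFG = Dict[str, List[str]]  # basic-block id -> successor block ids


def cfg_signature(cfg: CFG) -> Tuple[Tuple[int, int], ...]:
    """Name-independent signature: sorted (in-degree, out-degree) pairs per block.
    Renaming or reordering blocks, as a variant typically does, leaves it unchanged."""
    in_deg = Counter(dst for succs in cfg.values() for dst in succs)
    blocks = set(cfg) | set(in_deg)
    return tuple(sorted((in_deg[b], len(cfg.get(b, []))) for b in blocks))


def cfg_similarity(a: CFG, b: CFG) -> float:
    """Multiset Jaccard similarity of two method signatures, in [0, 1]."""
    ca, cb = Counter(cfg_signature(a)), Counter(cfg_signature(b))
    inter = sum((ca & cb).values())
    union = sum((ca | cb).values())
    return inter / union if union else 1.0


def program_similarity(known: Dict[str, CFG], sample: Dict[str, CFG]) -> float:
    """APK-level comparison: match each method of the sample to its most similar
    known-malware method and average the best scores (0.0 when nothing to match)."""
    if not sample:
        return 0.0
    best = [max((cfg_similarity(k, s) for k in known.values()), default=0.0)
            for s in sample.values()]
    return sum(best) / len(best)


def to_dot(name: str, cfg: CFG) -> str:
    """GraphViz DOT text for one method's CFG (render with `dot -Tpng`)."""
    lines = [f'digraph "{name}" {{']
    for src, succs in cfg.items():
        lines.append(f'  "{src}";')  # declare the block so isolated ones still show
        lines.extend(f'  "{src}" -> "{dst}";' for dst in succs)
    lines.append("}")
    return "\n".join(lines)


# Constructed samples: one known malicious method, and a sample whose method "a"
# is the same CFG with renamed blocks plus an unrelated method "b".
KNOWN = {"onReceive": {"B0": ["B1", "B2"], "B1": ["B3"], "B2": ["B3"], "B3": []}}
VARIANT = {"a": {"x": ["y", "z"], "y": ["w"], "z": ["w"], "w": []},
           "b": {"p": ["q"], "q": []}}

if __name__ == "__main__":
    print(program_similarity(KNOWN, VARIANT))  # 0.5: "a" matches fully, "b" not at all
    print(to_dot("onReceive", KNOWN["onReceive"]))
```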