Dynamic Knowledge Repository-Based Security Auxiliary System of User Behavior

摘要

Traditional malware detection usually relies on the detected file only, not considering the usage scenario. This paper introduces the patterns of user behaviors, in addition to the normal dynamic analysis of process behaviors. The maliciousness of unknown file is calculated by attack tree model and Bayesian algorithm based on the file behaviors and sources. We count the security weights of file sources where users download or copy files, indicating the use habits and the safety consciousness. The assessment value of host security is finally obtained by knowledge repository update and dynamic machine learning, helping users to detect the behavior pattern and reinforce the host security. Experiments show that the accuracy of malware detection increases with the improvement of user's safety habits. As a result, our model can detect malware and lead the user to use computer securely in a realistic way.