With the rapid development of the Internet, network security threats have become increasingly serious, and the analysis and detection of malicious code has become a hot topic in network security research. Malicious code behavior analysis helps to extract the characteristics of malicious code and is the premise of detecting it, but current automated behavior-capture methods have the defect that they are unable to analyze kernel modules. To address this defect, this paper exploits the isolation property of virtual machines and proposes a kernel-module malicious behavior analysis method based on the "In-VM" idea. Experimental results show that this method can analyze the system function calls and kernel data manipulation of kernel modules.