According to the problems of current intrusion detection methods, a new static detection approach towards software behavior trustworthiness was presented. Firstly, software behavior trustworthiness was discussed and defined formally, and was then described with instruction sequences. Secondly, a detection approach and its process were presented. Malicious behavior knowledge obtained through data mining on malware was organized as trustworthiness policy and used to detect and judge unknown software. Thirdly, the approach was implemented and verified by some behavior patterns on chosen samples. The experimental results show that the approach can detect malicious behavior in unknown software with a high success rate.%针对现有入侵检测方法的问题,面向软件行为可信需求,提出了一种新的静态检测方法.首先讨论并给出了软件行为可信性的定义和形式化描述,并以指令序列形式进行表示;然后,提出了检测方法和流程,通过数据挖掘方法对恶意软件和正常软件进行行为知识发现,利用发现的行为知识对未知软件进行行为可信性判定;最后,对方法进行了实现,对一些行为模式使用选定的样本进行了实验验证.实验结果表明,该方法能够依据软件行为可信策略检测未知软件中的恶意行为,检测成功率高.
展开▼
