A Dynamic Recognition System of Unknown Malicious Programs Based on Host Characteristics

doi:10.3969/j.issn.1006-2475.2016.03.021

Abstract

Abstract: Characteristics of states changing before/after the execution of unknown malicious programs were analyzed, a novel host characteristics-based unknown malicious programs dynamic recognition system is developed by using virtual execution technology. All suspicious programs were redirected into the special sandbox and executed. The unknown malicious programs were recognized by real-timely monitoring and deeply analyzing files, regedits, processes, services and network systems of the virtual hosts in sandboxes. Next, according to the real-time records in the process of the execution of the unknown malicious programs, early warning strategies were produced to protect the files of the real-world scenarios from being altered or attacked. Experimental results show that the accuracy of this system for unknown malicious programs recognition has been improved significantly. Hence, it can high-efficiently prevent smart grid from being attacked by the unknown malicious programs.

Key words: smart grid, unknown malicious programs, recognition, virtual execution, host characteristics

CLC Number:

TP309

LIU Zhi-yong1, WANG Hong-kai2, LI Gao-lei3, WU Jun3, SU Ya-ting1. A Dynamic Recognition System of Unknown Malicious Programs Based on Host Characteristics[J]. Computer and Modernization, 2016, 0(3): 105-110.

References

[1] 李文武,游文霞,王先培. 电力系统信息安全研究综述[J]. 电力系统保护与控制, 2011,39(10):140-147.

[2] Yan Ye, Qian Yi, Sharif H, et al. A survey on smart grid communication infrastructures: Motivations, requirements and challenges[J]. IEEE Communications Surveys & Tutorials, 2013,15(1):5-20.

[3] IEC 61850, Power Utility Automation[S].

[4] 蒲石,陈周国,祝世雄. 震网病毒分析与防范[J]. 信息网络安全, 2012(2):40-43.

[5] 刘雪艳,张强,李战明. 智能电网信息安全研究综述电力信息与通信技术, 2014(4):56-60.[J].

[6] Yan Ye, Qian Yi, Sharif H, et al. A survey on cyber security for smart grid communications[J]. IEEE Communications Surveys & Tutorials, 2012,14(4):998-1010.

[7] 孙吉贵,刘杰,赵连宇. 聚类算法研究[J]. 软件学报, 2008,19(1):48-61.

[8] 吴正桢,陈秀真,李建华. 基于聚类和报警先决条件的网络入侵关联分析[J]. 计算机工程, 2007,33(21):122-124.

[9] 张慧琳,邹维,韩心慧. 网页木马机理与防御技术[J]. 软件学报, 2013,24(4):843-858.

[10] 吴润浦,方勇,吴少华. 基于统计与代码特征分析的网页木马检测模型[J]. 信息与电子工程, 2009,7(1):71-75.

[11] 朱克楠,尹宝林,冒亚明,等. 基于有效窗口和朴素贝叶斯的恶意代码分类[J]. 计算机研究与发展, 2014,51(2):373-381.

[12] 徐鹏,林森. 基于C4.5决策树的流量分类方法[J]. 软件学报, 2009,20(10):2692-2704.

[13] 曹文,郭帆,余敏,等. 基于哈希树和有限状态机的XSS检测模型[J]. 计算机工程, 2013,39(6):154-157.

[14] Liu Jing, Xiao Yang, Li Shuhui, et al. Cyber security and privacy issues in smart grids[J]. IEEE Communications Surveys & Tutorials, 2012,14(4):981-997.

[15] Bai Hao, Hu Chang-zhen, Jing Xiao-chuan, et al. Approach for malware identification using dynamic behaviour and outcome triggering[J]. IET Information Security, 2014,8(2):140-151.

[16] Fragkiadakis A G, Tragos E Z, Askoxylakis I G. A survey on security threats and detection techniques in cognitive radio networks[J]. IEEE Communications Surveys & Tutorials, 2013,15(1):428-445.

[17] 蒋诚智,张涛,余勇. 基于等级保护的智能电网信息安全防护模型研究[J]. 计算机与现代化, 2012(4):12-16.

[18] 温研,王怀民. 基于本地虚拟化技术的隔离执行模型研究[J]. 计算机学报, 2008,31(10):1768-1779.