A Malicious Software Evaluation System Based on Behavior Association
Malicious software detection based on characteristic matching cannot find unknown malicious software or the origin of harm. To solve this problem, a method is proposed to detect malicious software according to subject-object association. It uses SSDT HOOK technology to monitor software behaviors and records them in logs. To improve the accuracy of detection, a risk assessment algorithm is proposed. First it performs subject-object behavior association on the logs, and then carries out a risk assessment for every subject to find the origin of harm.
Yunlong Wu, Dong Cui, Qiang Zhang
School of Computer, Wuhan University, Wuhan, China; School of Information & Electronic Engineering, Hebei University of Engineering, Handan, China
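International conference
Wuhan
English
258-260
2010-05-10 (date first posted online on the Wanfang platform; does not represent the paper's publication date)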