摘要
该文基于行为分析设计的计算机木马检测系统,由监控模块、响应模块、行为判定模块、信息收集模块以及木马行为特征库等构成。该系统可以对注册表、文件、通信等对象进行监测,并分析监测对象的行为信息。将行为信息的权值相加与设定阈值对比,根据对比结果判定是否为木马程序。如果确定为木马,则中止该程序的运行,保护系统安全,同时修复被木马删除、篡改的文件;如果不是木马,则允许程序正常运行,并继续监视程序。
In this paper,the computer Trojan horse detection system based on behavior analysis is composed of monitoring module,response module,behavior determination module,information collection module and Trojan horse behavior feature database.The system can monitor the registry,files,communications and other objects,and analyze the behavior information of the monitoring objects.The weight of the behavior information is added and compared with the set threshold,and whether it is a Trojan horse program is determined according to the comparison results.If it is determined to be a Trojan horse,it will stop the operation of the program,protect the security of the system,and repair the files deleted and tampered with by the Trojan horse;if it is not a Trojan horse,it will allow the program to run normally and continue to monitor the program.
出处
《科技创新与应用》
2024年第3期128-131,共4页
Technology Innovation and Application
基金
江西省教学改革研究项目(JXJG-21-28-1)。
关键词
行为分析
计算机木马检测系统
白名单
双进程守护
木马行为特征库
behavior analysis
computer Trojan horse detection system
white list
dual-process guardian
Trojan horse behavior feature library
作者简介
第一作者:邹海林(1979-),男,讲师。研究方向为地方大数据教学。
