Journal of Jilin University (Engineering and Technology Edition) ›› 2013, Vol. 43 ›› Issue (03): 718-726. doi: 10.7964/jdxbgxb201303027


Multiple execution paths for virus based on cloud computing

MENG Chao1, SUN Zhi-xin1,2, LIU San-min1,3

  1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing 210016, China;
  2. Key Laboratory of Broadband Wireless Communication and Sensor Network Technology, Nanjing University of Posts and Telecommunications, Ministry of Education, Nanjing 210003, China;
  3. College of Computer and Information, Anhui Polytechnic University, Wuhu 241000, China
  • Received: 2012-04-23 Online: 2013-05-01 Published: 2013-05-01
  • Corresponding author: SUN Zhi-xin (born 1964), male, professor, doctoral supervisor. Research interest: network security. E-mail: sunzx@njupt.edu.cn
  • About the author: MENG Chao (born 1977), male, doctoral candidate. Research interests: cloud computing, cloud security. E-mail: mz848@163.com
  • Supported by:

    National Natural Science Foundation of China (60973140, 61170276); Major Natural Science Research Project of Jiangsu Higher Education Institutions (12KJA520003); Natural Science Foundation of Jiangsu Province (BK2009425).

Abstract:

Virus analysis is the process of determining the purpose and functionality of a given virus sample. Current behavior analysis tools can only analyze a single program execution path on a single computer system, so the false-positive rate is high. To address this, a behavior analysis model is proposed that uses the abundant resources of a cloud computing system: the analysis of a virus's multiple execution paths is moved onto cloud virtual machine nodes, with each execution path analyzed in parallel on a different virtual machine node. By monitoring system calls in the virtual machine nodes, the model identifies malicious actions that the virus executes only when certain conditions are met. Experiments on the open-source cloud platform Eucalyptus show that the model can detect trigger-based behavior, find the conditions that trigger such hidden behavior, and identify inputs that satisfy those conditions, and that its performance is much better than that of a single computer system.

Key words: computer application, cloud computing, cloud security, virus analysis, behavioral analysis

CLC number:

  • TP393

