《Acta Electronica Sinica》 2012-01

Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Vector Machine Technology

LI Peng 1,2,3, WANG Ru-chuan 1,2,3, GAO De-hua 1
1. College of Computer, Nanjing University of Posts and Telecommunications, Nanjing, Jiangsu 210003, China
2. Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing, Jiangsu 210003, China
3. Key Lab of Broadband Wireless Communication and Sensor Network Technology (Nanjing University of Posts and Telecommunications), Ministry of Education, Nanjing, Jiangsu 210003, China
This paper studies dynamic detection of Rootkit malicious code. It summarises the typical system API functions that Rootkit malicious code calls at run time, extracts behavioural features from the sequences of these API calls observed while the malicious code executes, and forms feature vectors by counting the occurrences of the important elements of the system-call sequence. A fuzzy membership function and a normalised fuzzy weight vector are then applied, and the fuzzy pattern-recognition decision is reached by the weighted-averaging method. The type of Rootkit malicious code is located precisely with a layered multi-attribute support vector machine analysis: subtasks are constructed from the independent API system-call behaviours, and the Hamming distance between the dynamic behaviour attributes is computed. Experiments indicate that the proposed dynamic detection method, which combines fuzzy pattern recognition with support vector machine technology, not only improves the accuracy of automatic Rootkit detection but is also able to detect previously unknown types of malicious code.
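The pipeline the abstract describes (count the important API calls in a run-time trace, map each count through a membership function, combine with normalised weights by weighted averaging, then decide the rootkit type from the Hamming distance between binary behaviour attributes) is shown below as an added worked example; it is not the authors' code. The API list, importance weights, saturation counts, subtask definitions and type profiles are constructed for illustration, as are the three sample traces, and the paper's layered multi-attribute SVM stage is replaced here by a simple nearest-profile rule, so that the block runs with the standard library only. A trace whose attribute pattern is far from every known profile is reported as "unknown", which is the behaviour the abstract claims for previously unseen rootkit types.

```python
"""Fuzzy weighted-average rootkit scoring over an API-call trace, plus
Hamming-distance type attribution.  Added illustration; not the paper's code."""
from collections import Counter

# Constructed importance table (hypothetical, not the paper's API list).
#   weight   : analyst-assigned importance of the call in a rootkit trace
#   saturate : call count at which the call is "fully present" (membership 1.0)
API_PROFILE = {
    "NtOpenProcess":            {"weight": 1.0, "saturate": 5},
    "WriteProcessMemory":       {"weight": 3.0, "saturate": 2},
    "CreateRemoteThread":       {"weight": 3.0, "saturate": 1},
    "ZwSetSystemInformation":   {"weight": 4.0, "saturate": 1},  # driver loading path
    "NtDeviceIoControlFile":    {"weight": 2.0, "saturate": 3},
    "SetWindowsHookEx":         {"weight": 2.0, "saturate": 1},
    "NtQuerySystemInformation": {"weight": 1.0, "saturate": 4},
    "RegSetValueEx":            {"weight": 1.0, "saturate": 2},
}

def feature_vector(trace):
    """Feature vector: occurrence count of each profiled API in the trace."""
    counts = Counter(trace)
    return {api: counts.get(api, 0) for api in API_PROFILE}

def membership(count, saturate):
    """Ramp membership function: 0 when absent, 1 once count reaches saturate."""
    return min(1.0, count / saturate)

def normalised_weights():
    """Fuzzy weight vector scaled so that the weights sum to 1."""
    total = sum(p["weight"] for p in API_PROFILE.values())
    return {api: p["weight"] / total for api, p in API_PROFILE.items()}

def fuzzy_score(trace):
    """Weighted average of the memberships; lies in [0, 1]."""
    fv, w = feature_vector(trace), normalised_weights()
    return sum(w[a] * membership(fv[a], API_PROFILE[a]["saturate"]) for a in API_PROFILE)

def is_rootkit(trace, threshold=0.4):
    """Fuzzy pattern-recognition decision; threshold is a constructed value."""
    return fuzzy_score(trace) >= threshold

# Subtasks: independent behaviours assembled from API calls (constructed).
SUBTASKS = {
    "load_driver":    {"ZwSetSystemInformation"},
    "inject_process": {"NtOpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "talk_to_driver": {"NtDeviceIoControlFile"},
    "user_hook":      {"SetWindowsHookEx"},
    "persist":        {"RegSetValueEx"},
}
SUBTASK_ORDER = list(SUBTASKS)

def attribute_bits(trace):
    """Binary behaviour attributes: 1 if every API of the subtask occurred."""
    seen = set(trace)
    return tuple(int(SUBTASKS[s] <= seen) for s in SUBTASK_ORDER)

# Known rootkit-type profiles over the same attribute order (constructed).
TYPE_PROFILES = {
    "kernel_rootkit": (1, 0, 1, 0, 1),
    "user_rootkit":   (0, 1, 0, 1, 1),
}

def hamming(a, b):
    """Hamming distance between two equal-length bit tuples."""
    return sum(x != y for x, y in zip(a, b))

def classify_type(trace, max_distance=1):
    """Nearest known profile by Hamming distance; 'unknown' if none is close.
    This stands in for the paper's SVM stage (assumption, not their method)."""
    bits = attribute_bits(trace)
    best, dist = min(((t, hamming(bits, p)) for t, p in TYPE_PROFILES.items()),
                     key=lambda x: x[1])
    return best if dist <= max_distance else "unknown"

# Constructed sample traces (not captured from real samples).
KERNEL_TRACE = ["NtCreateFile", "RegSetValueEx", "RegSetValueEx", "ZwSetSystemInformation",
                "NtDeviceIoControlFile", "NtDeviceIoControlFile", "NtDeviceIoControlFile",
                "NtQuerySystemInformation"]
USER_TRACE = ["NtOpenProcess"] * 3 + ["WriteProcessMemory"] * 2 + \
             ["CreateRemoteThread", "SetWindowsHookEx", "RegSetValueEx"]
NOVEL_TRACE = ["ZwSetSystemInformation", "NtOpenProcess", "WriteProcessMemory",
               "CreateRemoteThread", "RegSetValueEx"]
BENIGN_TRACE = ["NtCreateFile", "NtQuerySystemInformation", "RegSetValueEx", "NtOpenProcess"]

if __name__ == "__main__":
    for name, t in [("kernel", KERNEL_TRACE), ("user", USER_TRACE),
                    ("novel", NOVEL_TRACE), ("benign", BENIGN_TRACE)]:
        print(f"{name:7s} score={fuzzy_score(t):.3f} rootkit={is_rootkit(t)} "
              f"bits={attribute_bits(t)} type={classify_type(t)}")
```

The ramp membership and the single threshold are the simplest choices that make the weighted average behave as a fuzzy decision; a practitioner would tune the saturation counts and weights on labelled traces, and would widen `max_distance` only after checking how many benign traces fall within it of a known profile.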
【Fund】: National Natural Science Foundation of China (No.60973139, No.61170065, No.61171053, No.61100199, No.60903181, No.61003039, No.61003236); Jiangsu Province Science and Technology Support Program (Industry) (No.BE2010197, No.BE2010198); Major Natural Science Research Project of Provincial Universities (No.11KJA520001); Jiangsu Province University Natural Science Basic Research Project (No.10KJB520013, No.10KJB520014); University Research Achievement Industrialisation Promotion Project (No.JH10-14); Jiangsu University Science and Technology Innovation Program (No.CX10B-196Z, No.CX10B-199Z); Jiangsu Province "Six Talent Peaks" Project (No.2008118); Specialized Research Fund for the Doctoral Program of Higher Education, Ministry of Education (No.20103223120007); Jiangsu Province Key Laboratory of Computer Information Processing Technology Fund (No.KJS1022)
【CateGory Index】: TP393.08