Abstract
Existing network security protection devices cannot meet users' needs: they cannot detect unknown threat code accurately and efficiently, nor provide complete active defense. This paper proposes an active defense method for unknown threat code based on a cloud sandbox system. In the strictly controlled and highly isolated program environment of the cloud sandbox system, a bag-of-words model converts the behavior reports of unknown threat code into feature vectors. The similarity between information units is computed, and information units with high similarity are clustered into the same feature cluster as a preprocessing step. A trust value is then computed for each unknown threat code analysis report, and the reports are ranked by priority to carry out active defense. Simulation results show that the proposed method can detect unknown threat code and defend against it actively, with a high detection rate and low false detection and missed detection rates, and that it achieves complete active defense against different types of threat code.
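The pipeline the abstract describes (sandbox behavior report, bag-of-words vector, similarity clustering, trust value, priority ordering) as an added example; this is illustration code written for this page, not the authors' implementation. The five behavior reports are constructed, the greedy single-pass clustering with a cosine threshold of 0.6 is one possible realisation of "clustering highly similar units", and the trust formula (cluster support multiplied by mean similarity to cluster peers) is an assumption, since the paper's abstract does not state how the trust value is computed.

```python
from collections import Counter
from math import sqrt

# Constructed sample behaviour reports (not from the paper): each report is the
# sequence of behaviour tokens a sandbox might log for one submitted sample.
SAMPLE_REPORTS = {
    "r1": "CreateFile WriteFile RegSetValue CreateProcess InternetOpen HttpSendRequest",
    "r2": "CreateFile WriteFile RegSetValue CreateProcess InternetOpen HttpSendRequest DeleteFile",
    "r3": "CreateFile ReadFile CloseHandle",
    "r4": "CreateFile ReadFile CloseHandle GetSystemTime",
    "r5": "RegSetValue CreateProcess InternetOpen HttpSendRequest CryptEncrypt DeleteFile",
}


def bag_of_words(report: str) -> Counter:
    """Bag-of-words model: token -> occurrence count, token order discarded."""
    return Counter(report.split())


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse count vectors (0.0 if either is empty)."""
    dot = sum(n * b.get(tok, 0) for tok, n in a.items())
    na = sqrt(sum(n * n for n in a.values()))
    nb = sqrt(sum(n * n for n in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def cluster_reports(vectors: dict, threshold: float = 0.6) -> list:
    """Greedy single-pass clustering (an assumed realisation, not the paper's):
    a report joins the first cluster whose seed report is at least `threshold`
    similar to it, otherwise it starts a new cluster."""
    clusters = []  # list of lists of report ids; the first id is the seed
    for rid, vec in vectors.items():
        for members in clusters:
            if cosine(vectors[members[0]], vec) >= threshold:
                members.append(rid)
                break
        else:
            clusters.append([rid])
    return clusters


def trust_values(vectors: dict, clusters: list) -> dict:
    """Assumed trust score (the abstract gives no formula):
    support (share of all reports that fall in the cluster) multiplied by
    cohesion (mean similarity to the other cluster members; 1.0 for a singleton).
    Reports whose behaviour is corroborated by many similar reports rank higher."""
    total = len(vectors)
    trust = {}
    for members in clusters:
        support = len(members) / total
        for rid in members:
            peers = [m for m in members if m != rid]
            cohesion = (sum(cosine(vectors[rid], vectors[p]) for p in peers) / len(peers)
                        if peers else 1.0)
            trust[rid] = support * cohesion
    return trust


def prioritize(reports: dict, threshold: float = 0.6) -> list:
    """Full pipeline: reports -> vectors -> clusters -> trust -> ordered queue.
    Returns (report_id, trust) pairs, highest trust first, ties broken by id."""
    vectors = {rid: bag_of_words(text) for rid, text in reports.items()}
    clusters = cluster_reports(vectors, threshold)
    trust = trust_values(vectors, clusters)
    return sorted(trust.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for rid, t in prioritize(SAMPLE_REPORTS):
        print(f"{rid}: trust={t:.3f}")
```

With the constructed reports, r1, r2 and r5 share the persistence-plus-network behaviour and form one cluster, r3 and r4 form a second, and the ordered queue places r2 first because it is both in the larger cluster and most similar to its peers. In practice the token vocabulary would be the sandbox's own event schema and the threshold would be tuned against labelled reports, since a threshold that is too low merges unrelated behaviour into one cluster and inflates the trust of everything in it.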
Authors
叶志远 (YE Zhi-yuan), 蒲强 (PU Qiang), 谢科军 (XIE Ke-jun), 秦浩 (QIN Hao)
Affiliations: College of Computer and Information, University of Science and Technology of China, Hefei, Anhui 230088, China; School of Computing, Xi'an Shiyou University, Xi'an, Shanxi 710065, China; College of Materials Science and Engineering, Hefei University of Technology, Hefei, Anhui 230088, China
Source
Computer Simulation (《计算机仿真》), a Peking University core journal (北大核心)
2019, No. 8, pp. 276-279 and 304 (5 pages)
Keywords
Cloud sandbox system (云沙箱系统); Unknown threat code (未知威胁代码); Active defense (主动防御)