Research on dynamic heuristic scanning technique and the application of the malicious code detection model
Introduction
The rapid development of networks has brought the whole world within the scope of information sharing, which has significantly changed people's production and lifestyle. With the wide use of networks in finance, defense, education, and other fields, several security risks for network users have also emerged. Network security has become a major issue in the informatization of society. Research on malicious code therefore contributes significantly to improving network security.
There are several lines of research on malicious code detection technology, such as the linkage of firewall and intrusion detection technology, active defense technology, static signature detection technology, and behavior analysis technology [1]. Among them, the main technology is behavior analysis, which can detect the signature of unknown illegal procedures. Furthermore, it is advantageous as it can minimize the behavior analysis. Johannes Kinder and coworkers described malicious code using computation tree logic (CTL) and the abstract generalization of CNF. This method has a good effect on proactive inspection, but it can be transferred only through a level of assembly instructions. Zhangboyun used Naive Bayes and K-NN algorithms to detect unknown viruses. He also used a rough set to simplify the characteristics and avoid the loss of information. Scholars from Germany placed the malicious code in a virtual machine environment and analyzed the code by tracking program behavior. As scholars at home and abroad repeatedly studied the problem, hackers, in order to increase the survivability of malicious code, also adopted anti-debugging techniques to check whether the code is being debugged. Therefore, in the context of malicious behavior, security experts are still needed to study and analyze the resulting data, and this judgment process consumes much time [2].
On the basis of the results of predecessors' research, this paper conducts further research on malicious code detection technology. It mainly focuses on the analysis of malicious code, discusses the description method of malicious behavior, and applies behavior analysis technology in a virus detection model. This paper provides guidance for future research in this field [3].
Section snippets
Dynamic heuristic scanning technique
The dynamic heuristic scanning technique is a behavior-based technique that monitors a computer program while it runs and restricts the dynamic behavior of the computer. While a program runs, malicious and illegal procedures that conflict with the general procedures are often generated; the dynamic heuristic scanning technique intercepts and stops them.
Establishment of the model
The detection index is the basis for judging the quality of the model's test results. In this paper, test results are assessed mainly through false negatives and false positives. The false negatives view a legal program as malicious code. The false positives view malicious code as a normal legal procedure [6].
Let N be the number of procedures needed for the detection, m be the malicious codes, and n be the legitimate programs, then the condition should be satisfied, provided all the three
Conclusions
This paper focuses on the dynamic heuristic scanning technique and the malicious code detection model. First, the dynamic heuristic scanning technique is analyzed and summarized, because this technique is widely used in the field of antivirus software and can detect malicious code, which accounts for its wide application in the maintenance of network security. Second, the behavioral characteristics of malicious code and the minimum distance analyzer are used to establish a sample that distinguishes
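A minimum-distance classifier over behavior features, evaluated by counting both kinds of misclassification, as an added example that is not the paper's code. The feature names, the sample vectors, the Euclidean metric, and the reading of m and n as counts of malicious and legitimate test programs are assumptions made here.

```python
import math

# Assumed behavior features, counted while a program runs under monitoring.
FEATURES = ("autorun_registry_writes", "remote_thread_injections",
            "self_copies", "outbound_connections")

# Constructed training vectors (not data from the paper).
TRAIN = {
    "malicious":  [[3, 2, 1, 5], [4, 1, 2, 8], [2, 3, 1, 6]],
    "legitimate": [[0, 0, 0, 2], [1, 0, 0, 4], [0, 0, 0, 1]],
}

def centroid(vectors):
    """Per-feature mean of one class's training vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

CENTROIDS = {label: centroid(vecs) for label, vecs in TRAIN.items()}

def classify(vec, centroids=CENTROIDS):
    """Minimum-distance rule: pick the class with the nearest centroid."""
    return min(centroids, key=lambda label: math.dist(vec, centroids[label]))

def evaluate(samples, centroids=CENTROIDS):
    """Tally both error types over labelled (vector, truth) pairs."""
    out = {"N": len(samples), "m": 0, "n": 0,
           "malicious_missed": 0, "legitimate_flagged": 0}
    for vec, truth in samples:
        verdict = classify(vec, centroids)
        if truth == "malicious":
            out["m"] += 1
            out["malicious_missed"] += verdict == "legitimate"
        else:
            out["n"] += 1
            out["legitimate_flagged"] += verdict == "malicious"
    return out

# Constructed test set: includes a quiet malicious sample and a noisy installer.
TEST = [
    ([3, 2, 1, 7], "malicious"),
    ([0, 0, 0, 3], "legitimate"),
    ([1, 0, 0, 3], "malicious"),    # low activity, lands nearer the legitimate centroid
    ([2, 1, 1, 9], "legitimate"),   # installer-like, lands nearer the malicious centroid
    ([4, 3, 2, 6], "malicious"),
    ([0, 0, 0, 0], "legitimate"),
]

if __name__ == "__main__":
    print(evaluate(TEST))
```

The two misclassified samples show where a raw-count distance breaks down: a quiet malicious program and a busy legitimate installer each sit closer to the other class's centroid, which is the case where feature scaling or additional behaviors would be needed.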
Acknowledgements
This study was supported by the Fundamental Research Funds for the Central Universities (No. 3091601510).
References (11)
- et al. Development of system for the automatic generation of unknown virus extermination software.
- et al. A novel technique for improving hardware Trojan detection and reducing Trojan activation time. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. (2011)
- Increase dynamic coverage. (Sep. 2007)
- et al. Detection of malicious applications on Android OS. IEEE Comput. Soc. (2010)
- et al. A hybrid algorithm of Backward Hashing and automaton tracking for virus scanning. IEEE Trans. Comput. (2011)