Journal of Hebei University (Natural Science Edition) ›› 2015, Vol. 35 ›› Issue (2): 193-198. DOI: 10.3969/j.issn.1000-1565.2015.02.015

• Electronic Engineering and Computer Science •

Analysis and Research on Malicious Code Targeting the Client

王玉玺, 周文军, 杨剑   

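  1. College of Mathematics and Information Technology, Jiangsu Second Normal University, Nanjing, Jiangsu 210013
  • Received: 2014-09-12 Revised: 2014-11-12 Online: 2015-03-25 Published: 2015-03-25
  • Corresponding author: WANG Yuxi (王玉玺)
  • About the author: WANG Yuxi (born 1978), male, from Xuzhou, Jiangsu; lecturer at Jiangsu Second Normal University; research interests: applications of computer network technology and computer education
  • Funding:
    Open Project of the State Key Laboratory Base (9011311); "Twelfth Five-Year Plan" project of Jiangsu Second Normal University (JSNU-Y-4632)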

Analysis and Research on Malicious Code for Client

WANG Yuxi, ZHOU Wenjun, YANG Jian

  1. College of Mathematics and Information Technology, Jiangsu Second Normal University, Nanjing 210013, China
  • Received: 2014-09-12 Revised: 2014-11-12 Online: 2015-03-25 Published: 2015-03-25
  • Contact: WANG Yuxi

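Abstract: Web security problems are increasingly prominent, and malicious code targeting the client has become one of the main threats to user security, so it is necessary to analyze such code. Malicious code is numerous and has many variants, and it usually hides its true purpose through encryption. A sandbox can provide a safe execution environment for malicious code; in the experiments, a sandbox was used to analyze and expose the behavioral characteristics of malicious code, and it was found that many samples that appear different are in fact variants of the same malicious code. Finally, a number of malicious code samples were analyzed and the malicious code in them was classified by signature, which confirmed the phenomenon of malicious code variants.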

Keywords: malicious code, sandbox, signature

Abstract: With the rapid development of the Internet, web security issues have become increasingly prominent. The client is the focus of web applications: increasingly rich client applications provide a better experience for users, but malicious code targeting the client has appeared as well. This malicious code can be divided into two types, boot and destructive, and it attacks various vulnerabilities in client systems. The quantity of such code is growing quickly, and many variants have been or will be produced. Some code is encrypted to hide its true purpose. Because malicious code is concealed, it is difficult to determine its true nature directly. A sandbox can provide a secure environment in which malicious code exposes its behavior, so that its characteristics can be found. In this way malicious code can be removed more effectively. The approach can reveal hidden malicious code, and the feasibility of these detection methods is verified by testing a number of virus samples.

Key words: malicious code, sandbox, signature

CLC number: