Analysis and Research on Malicious Code for Client

doi:10.3969/j.issn.1000-1565.2015.02.015

Journal of Hebei University (Natural Science Edition) ›› 2015, Vol. 35 ›› Issue (2): 193-198.DOI: 10.3969/j.issn.1000-1565.2015.02.015

Previous Articles Next Articles

Analysis and Research on Malicious Code for Client

WANG Yuxi， ZHOU Wenjun，YANG Jian

College of Mathematics and Information Technology, Jiangsu Second Normal University, Nanjing 210013, China

Received:2014-09-12 Revised:2014-11-12 Online:2015-03-25 Published:2015-03-25
Contact: WANG Yuxi

Abstract

Abstract: As the rapid development of Internet, web security issues have become increasingly prominent. The client is the focus of web applications, more and more rich client applications have provide a better experience for users, but malicious codes appear for the client. These malicious codes can be divided into two types of boot and destructive, and they attack various vulnerabilities for client systems. The quantity of these codes is growing faster, and so much variants have been or will be produced for these codes. Some codes are encrypted to hide their true purpose. Because of the concealment for malicious codes, it is difficult to directly determine the authenticity of malicious codes. Sandbox can provide a secure environment for malicious codes to expose their behavior and find the characteristics. By this way malicious codes can be killed better. It can reveal the hidden malicious code and also verify the feasibility of these detection methods through a number of virus samples tested.

Key words: malicious code, sandbox, signature

CLC Number:

TP309.5

WANG Yuxi， ZHOU Wenjun，YANG Jian. Analysis and Research on Malicious Code for Client[J]. Journal of Hebei University (Natural Science Edition), 2015, 35(2): 193-198.

References

[1] CNNIC．中国互联网络发展状况统计报告[R/OL]．[2014-3-5] http://www.cnnic.net.cn/hlwfzyj/hlwxzbg/hlwtjbg/201403 /P020140305346585959798.pdf． [2] Symantec Corporation．2014 Internet Security Threat Report， Volume[R/OL]．[2014-2-12]http://www.symantec.com/content/en/us/enterprise /other_resources/b-istr_main_report_v19_21291018.en-us.pdf． [3] 于莉莉，杜蒙杉，张平，等．Web安全性测试技术综述[J]．计算机应用研究，2012，29(11):4001-4005． YU Lili，DU Mengshan，ZHANG Ping，et al．Survey on web security testing technologies[J]．Application Research of Computers，2012，29(11):4001-4005． [4] 趋势科技．中国地区2013年第二季度网络安全威胁报告[R/OL]．[2013-8-23] http://cn.trendmicro.com/imperia/md/content/cn/license /pdf-20130823.pdf． [5] 诸葛建伟．挂马网站分析追溯技术与实践[R/OL]．[2008-6-17] http://www.cstnet.cn/scml/20080617041513250.pdf． [6] 张慧琳，诸葛建伟，宋程昱，等．基于网页动态视图的网页木马检测方法[J]．清华大学学报(自然科学版)，2009，49(S2): 2126-2132． ZHANG Huilin，ZHUGE Jianwei，SONG Chengyu，et al．Detection of drive-by downloads based on dynamic page views[J]．J Tsing hua Univ (Sci&Tech) ，2009，49(S2): 2126-2132． [7] 章明．Web应用程序客户端脚本安全技术研究[D] ．上海:上海交通大学，2012． ZHANG Ming．Research on client-side scripting security technology of web application[D]．Shanghai：Shanghai Jiao Tong University，2012． [8] 段玉龙．基于沙盒仿真的可执行程序恶意代码检测工具的研究与实现[D]．湖南省长沙市:国防科技大学，2008． DUAN Yulong．Research and implementation of sandbox and simulation based executables malicious code detection tool[D]．Changsha，Hunan：National University of Defense Technology，2008． [9] 王洋，王钦．沙盒安全技术的发展研究[J]．软件导刊，2009，8(8): 152-153． WANG Yang，WANG Qin．Research on sandbox security technology[J]．Software Guide，2009，8(8): 152-153． [10] 陈丹伟，唐平，周书桃．基于沙盒技术的恶意程序检测模型[J]．计算机科学，2012，39(6A): 12-14． CHEN Danwei，TANG Ping，ZHOU Shutao．Malware detection model based on the sandbox[J]．Computer Science，2012，39(6A): 12-14． [11] The office of Cybersecurity and Communications at the U.S. Department of Homeland Security．Common Vulnerabilities and Exposures[EB/OL]．[2013-5-16]http://cve.mitre.org/about/index.html．

Analysis and Research on Malicious Code for Client

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	LI Haiying,ZHANG Jiangxiao,SUI Chunrong. Fair outsourcing computations scheme based on transferability [J]. Journal of Hebei University (Natural Science Edition), 2017, 37(5): 555-560.
[2]	LIU Zhenpeng,MAN Zhixian,HU Qianru,LIU Xiaodan. Improved identity-based data integrity verification scheme [J]. Journal of Hebei University (Natural Science Edition), 2017, 37(1): 86-91.