Abstract:
This paper proposes a ring 0 level program behavior analysis architecture for the Windows platform based on a virtual machine, and implements on it a program behavior analysis system named Malbox, which detects a program's process, file, registry and network behavior inside a closed virtual environment. Experiments on a variety of malware samples show that Malbox is efficient and performs well in detecting both the host and the network behavior of programs.
Key words:
behavior analysis,
malware,
virtual machine
Abstract (Chinese version, translated): This paper proposes a ring 0 level program behavior analysis architecture for the Windows platform based on a virtual machine, and on that architecture designs and implements Malbox, an automatic program behavior analysis system. The system automatically detects and analyzes the process, file, registry, network and other behavior of the program under test in a closed virtual environment. Testing shows that the system detects a program's host and network behavior well and is highly practical.
Key words (Chinese version, translated):
behavior analysis,
malware,
virtual machine
CLC Number:
ZHAO Shuang, LIU Lu, TAO Jing, MA Xiao-Bo. Design and Implementation of Program Behavior Analysis System at Ring 0 Level[J]. Computer Engineering, 2011, 37(01): 156-158.
赵双, 刘璐, 陶敬, 马小博. Design and Implementation of Program Behavior Analysis System at Ring 0 Level[J]. Computer Engineering (计算机工程), 2011, 37(01): 156-158.