
This paper first points out the shortcomings of current anti-virus software in detecting unknown Trojan horses, introduces the advantages of artificial immune systems with respect to the self-adaptability of anti-virus software, and argues that artificial immune mechanisms are feasible for Trojan horse detection. Then, through an analysis of new Trojan horse techniques, it uses a Trojan horse model to demonstrate the shortcomings of the current computer security architecture, and proposes moving Trojan horse detection out of anti-virus software and into an immune-based intrusion detection system (IDS) as a subsystem, using the IDS's immune mechanism to improve the self-adaptive capability of Trojan horse detection. Finally, it proposes a behavior pattern that maps a process's use of system resources to the process's system calls, and on this basis establishes a Trojan horse detection model based on artificial immune mechanisms.

Research on the Application of Artificial Immune Mechanisms in Trojan Horse Detection Systems
