With the development of information technology, the security of information systems has attracted increasing attention; within it, information system risk assessment and emergency response are key components. However, because there is currently no accurate and efficient automated system for assessing the threat posed by malicious code, the efficiency of information system risk assessment and emergency response work has been greatly affected. In this context, how to design and implement an effective decision system for the threat of malicious code is a problem in urgent need of a solution.

This thesis proposes and implements an analysis and decision system for the threat of malicious code based on multi-source information fusion theory, called MTDS. The system mainly consists of a multi-source malicious behavior collection module, a decision architecture training module and an information fusion decision module. The multi-source malicious behavior collection module is based on the collection platform built by our group; the collected content includes processes, services, documents and other key characteristics of malicious code, which form the foundation of the malicious code threat decision. On the basis of the malicious behavior collection platform, this thesis optimizes the key program behavior recognition and hidden process detection functions. To address the inaccurate behavior identification caused by confusion and crossover of IRP sequences, this thesis proposes and implements a key program behavior recognition framework based on the Hidden Markov model; through the design of the corresponding analysis and recognition algorithm, the accuracy of key program behavior recognition is improved.

For the detection of maliciously hidden processes, this thesis proposes and implements a dual-structure process detection framework based on the thread scheduling list, which solves the difficulty of detecting hidden processes caused by rootkits and improves the success rate and accuracy of hidden process detection. Finally, this thesis proposes and implements MIMD (Multi-source Information fusion based Malicious threat Decision model). Based on an analysis of the characteristics of the malicious behavior data set, and combined with information fusion techniques such as the Analytic Hierarchy Process and the BP neural network, the model investigates the analysis and decision algorithms involved in the malicious threat decision process and solves the accuracy and efficiency problems of traditional malicious threat decision models.

The malicious threat decision system architecture proposed by this thesis has been implemented and applied in the security-class prototype of a nationally funded project. The functionality and performance of the system were tested in the testing part; the results show that the system greatly improves the accuracy and efficiency of malicious threat decisions. The experimental results verify the correctness and validity of the MTDS framework and the related optimization techniques.
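As an added illustration of the Analytic Hierarchy Process fusion step named above (not code from the thesis or the MTDS system): computing AHP priority weights for the three evidence sources the abstract lists, checking Saaty's consistency ratio before trusting the judgements, and fusing per-source evidence scores into one threat score. The comparison matrix, the per-source scores and the 0.1 consistency threshold are constructed assumptions.

```python
"""AHP weighting and fusion for a multi-source malicious threat decision (constructed example)."""
from math import prod

# Saaty's random consistency index, indexed by matrix order n (1..9).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(matrix):
    """Priority weights from a pairwise comparison matrix (normalised row geometric means)."""
    n = len(matrix)
    geo = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo)
    return [g / total for g in geo]


def consistency_ratio(matrix, weights):
    """CR = CI / RI; Saaty's rule of thumb accepts judgements only when CR < 0.1."""
    n = len(matrix)
    # lambda_max is estimated as the mean of (A w)_i / w_i over all rows.
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lam_max = sum(x / w for x, w in zip(aw, weights)) / n
    ci = (lam_max - n) / (n - 1)
    ri = RANDOM_INDEX[n]
    return ci / ri if ri else 0.0


def fuse_threat_score(matrix, scores):
    """Weighted fusion of per-source evidence scores in [0, 1]; rejects inconsistent judgements."""
    weights = ahp_weights(matrix)
    cr = consistency_ratio(matrix, weights)
    if cr >= 0.1:
        raise ValueError(f"pairwise judgements inconsistent (CR={cr:.2f}); revise before fusing")
    return sum(w * s for w, s in zip(weights, scores))


# Constructed judgements: process evidence rated 3x as important as service evidence,
# 5x as important as document evidence; service rated 2x as important as document.
SOURCES = ["process", "service", "document"]
JUDGEMENTS = [[1.0, 3.0, 5.0],
              [1 / 3, 1.0, 2.0],
              [1 / 5, 1 / 2, 1.0]]
# Constructed per-source evidence scores for one sample (0 = benign, 1 = clearly malicious).
SAMPLE_SCORES = [0.9, 0.2, 0.7]

if __name__ == "__main__":
    w = ahp_weights(JUDGEMENTS)
    print(dict(zip(SOURCES, (round(x, 4) for x in w))))
    print("CR =", round(consistency_ratio(JUDGEMENTS, w), 4))
    print("threat score =", round(fuse_threat_score(JUDGEMENTS, SAMPLE_SCORES), 4))
```

A cyclic judgement matrix (A preferred to B, B to C, C to A) fails the consistency check and is rejected rather than silently producing equal weights.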