
Design and Implementation of a Multi-step Active Defense System Based on Behavior Sequences

Posted on: 2019-05-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z Zhang
GTID: 2348330545458346
Subject: Computer technology
Abstract/Summary:
With the arrival of the big data era, more and more people use the Internet, and with the many channels of Internet access, computer viruses increasingly reach personal hosts. Virus detection technology has matured, but its main weakness has become apparent: its defense against unknown viruses is weak. Active defense technology has therefore developed. This thesis uses the Windows system as the research platform. After collecting a large number of virus samples, it studies the attack behavior of viruses in depth, monitors the host with a kernel-level driver, analyzes the commonly used frequent-sequence mining algorithms and, on that basis, proposes a more efficient improved algorithm. From this a behavior-sequence rule base is generated, and finally an efficient and feasible multi-step active defense system based on behavior sequences is proposed. The specific research content is as follows:

1. Current active defense technology was surveyed and its core techniques analyzed in depth; a large number of virus samples were collected and their attack behavior analyzed. System monitoring points were developed for the interface calls viruses commonly make and for sensitive locations in the system. The layered structure of Windows and the call path of functions through the system were studied, with emphasis on the differences between kernel functions and application-layer functions, kernel programming, and interception through the System Service Descriptor Table (SSDT HOOK).

2. An active defense sequence-rule file was developed. Starting from the PrefixSpan algorithm, a more efficient improved algorithm is proposed to address the large volume of projected databases, and its feasibility and efficiency are verified, with some improvement shown. Training samples are taken from the collected virus samples, a new set of sequences is generated by the mining algorithm, and a behavior-sequence rule base is built from them according to strict logical relations.

3. A multi-step active defense program and a multi-step active defense strategy were designed and implemented. Single-step interception of behaviors is combined, through decision logic, with multi-step determination of the results, and together they determine the verdict on a sequence of actions. The behavior sequences used in this thesis are defined, the kernel-level driver technology used to monitor the system is described, and the logic of the application-layer decision algorithm and its key functions are explained.

4. Benign programs and virus programs were selected as the test sample set, and the test results were analyzed and compared against the Bayesian detection method and the open-source Zhuoran driver-level cloud security active defense; the interactive interface was compared with the traditional 360 Security Guard. The test results show that, compared with the original PrefixSpan algorithm, the improved algorithm generates fewer sequences but reduces running time, and that the active defense system achieves good protection of files, processes, the registry and other resources, meets its design goals, and can effectively prevent attacks by unknown viruses.
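As an added example that is not part of the thesis or its code, the following Python block shows the two application-layer pieces the abstract describes in runnable form: PrefixSpan mining of frequent behavior sequences from a training set into a rule base, and the multi-step matcher that intercepts each hooked call as a single step and returns a verdict only once a whole mined sequence has been observed in order from one process. The Nt* names stand for the system services an SSDT hook would intercept, the training sequences and the process trace are constructed, and the support and length thresholds are chosen for the example. The thesis's improved handling of projected databases is not described on the page, so the block uses the standard pseudo-projection of PrefixSpan (sequence index and offset pairs instead of copied suffixes); that choice is an assumption, not the thesis's algorithm.

```python
"""PrefixSpan behavior-sequence mining plus a per-process multi-step matcher.

Added example, not code from the thesis. Event names are Nt* system service
names of the kind an SSDT hook sees; all sequences below are constructed.
"""
from collections import defaultdict

# Constructed training set: one behavior sequence per hypothetical malware
# sample, in the order the kernel hook observed the calls.
TRAINING_SEQUENCES = [
    ["NtCreateFile", "NtWriteFile", "NtSetValueKey", "NtCreateProcessEx"],
    ["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"],
    ["NtCreateFile", "NtWriteFile", "NtSetValueKey", "NtCreateProcessEx", "NtDeleteFile"],
    ["NtCreateFile", "NtSetValueKey", "NtCreateProcessEx"],
    ["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx", "NtClose"],
    ["NtCreateFile", "NtReadFile", "NtClose"],
    ["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"],
]


def prefixspan(sequences, min_support):
    """Classic PrefixSpan over item sequences. Each projected database is a list
    of (sequence index, start offset) pairs (pseudo-projection), so suffixes are
    never copied. Returns {pattern_tuple: support}."""
    results = {}

    def mine(prefix, projected):
        counts = defaultdict(int)
        for si, start in projected:
            for item in set(sequences[si][start:]):   # one count per sequence
                counts[item] += 1
        for item in sorted(counts):
            if counts[item] < min_support:
                continue
            pattern = prefix + (item,)
            results[pattern] = counts[item]
            new_projected = []
            for si, start in projected:
                try:
                    pos = sequences[si].index(item, start)
                except ValueError:
                    continue                           # item absent in this suffix
                new_projected.append((si, pos + 1))
            mine(pattern, new_projected)

    mine((), [(i, 0) for i in range(len(sequences))])
    return results


def is_subsequence(short, long):
    """True if every item of `short` appears in `long` in order (gaps allowed)."""
    it = iter(long)
    return all(x in it for x in short)


def build_rule_base(sequences, min_support=3, min_len=3):
    """Mine frequent behavior sequences and keep only the maximal ones of
    length >= min_len as detection rules."""
    patterns = prefixspan(sequences, min_support)
    candidates = [p for p in patterns if len(p) >= min_len]
    return sorted(p for p in candidates
                  if not any(q != p and is_subsequence(p, q) for q in candidates))


class MultiStepDetector:
    """Per-process state machine. Every hooked call is intercepted as a single
    step; the multi-step verdict is the combination of those steps, i.e. whether
    all behaviors of one rule have been seen in order (gaps allowed, matching
    how PrefixSpan patterns are defined)."""

    def __init__(self, rules):
        self.rules = list(rules)
        # pid -> next expected step index for each rule
        self.progress = defaultdict(lambda: [0] * len(self.rules))

    def on_event(self, pid, syscall):
        """Single-step interception hook. Returns the matched rule when a whole
        sequence completes for this process, otherwise None."""
        state = self.progress[pid]
        for i, rule in enumerate(self.rules):
            if rule[state[i]] == syscall:
                state[i] += 1
                if state[i] == len(rule):
                    del self.progress[pid]   # blocking decision would be taken here
                    return rule
        return None


def run_demo():
    """Mine rules, then replay a constructed trace from two processes; pid 100
    performs the dropper sequence with unrelated calls in between."""
    rules = build_rule_base(TRAINING_SEQUENCES)
    detector = MultiStepDetector(rules)
    trace = [(100, "NtCreateFile"), (100, "NtReadFile"), (200, "NtCreateFile"),
             (100, "NtSetValueKey"), (200, "NtClose"), (100, "NtCreateProcessEx")]
    alerts = [(pid, detector.on_event(pid, call)) for pid, call in trace]
    return rules, [(pid, r) for pid, r in alerts if r is not None]


if __name__ == "__main__":
    mined_rules, fired = run_demo()
    for r in mined_rules:
        print("rule:", " -> ".join(r))
    for pid, r in fired:
        print(f"pid {pid} matched", " -> ".join(r))
```

Two points a practitioner should keep in mind when moving from this sketch to a driver: matching is per process, so calls from other processes never advance a rule, and the rules are subsequences, so noise between steps does not reset progress. Also, on 64-bit Windows, Kernel Patch Protection rejects modification of the SSDT, so a hook of the kind the thesis describes is confined to 32-bit systems; the supported route for the same monitoring points is the documented kernel callbacks (process, thread, image-load and registry notification routines, and file-system minifilters).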
Keywords/Search Tags:active defense, SSDT HOOK, PrefixSpan algorithm, driver development, behavior sequence