1. State Key Laboratory of Public Big Data, College of Computer Science and Technology, Guizhou University, Guiyang, Guizhou 550025, China
2. School of Information, Xuchang University, Xuchang, Henan 461000, China
GUO Chun (郭春), male, born 1986 in Guiyang, Guizhou. Ph.D., Associate Professor at the College of Computer Science and Technology, Guizhou University, CCF member. Main research areas: data mining, intrusion detection, malicious code detection. E-mail: gc_gzedu@163.com
LUO Di (罗迪), male, born 1996 in Liupanshui, Guizhou. Master's student at the College of Computer Science and Technology, Guizhou University, CCF student member. Main research direction: computer networks and information security. E-mail: luodi_happy@163.com
SHEN Guo-wei (申国伟), male, born 1986 in Shaodong, Hunan. Professor and master's supervisor at the College of Computer Science and Technology, Guizhou University, CCF member. Main research areas: network and information security, big data. E-mail: gwshen@gzu.edu.cn
CUI Yun-he (崔允贺, corresponding author), male, born 1987 in Guiyang, Guizhou. Lecturer and master's supervisor at the College of Computer Science and Technology, Guizhou University. Main research areas: network security, cloud computing, data centers. E-mail: yhcui@gzu.edu.cn
PING Yuan (平源), male, born 1981 in Hechuan, Chongqing. Ph.D., Professor at the School of Information Engineering, Xuchang University. Main research areas: machine learning, data privacy and security, cloud computing, edge computing. E-mail: pyuan.lhn@xcu.edu.cn
Received: 2021-08-01
Revised: 2022-03-04
Published in print: 2022-04-25
GUO Chun, LUO Di, SHEN Guo-wei, et al. A Spyware Detection Method based on Inducement Mechanism [J]. ACTA ELECTRONICA SINICA, 2022, 50(04): 1014-1024. DOI: 10.12263/DZXB.20211017.
Abstract: Spyware is a class of information-stealing malware widely used by attackers, characterized by high threat and high concealment. Because spyware typically executes its stealing behavior only under a specific trigger strategy, dynamic detection methods based on software behavior can hardly capture it in a short time, so these methods perform poorly at detecting spyware. To address this problem, this paper adopts the idea of actively inducing spyware to perform its stealing behavior, analyzes at the application programming interface (API) level how different inducement operations and inducement strengths affect the induced response of spyware, and then proposes a Spyware Detection Method based on Inducement Mechanism (SDMIM). SDMIM consists of three phases: inducement operation filtering, software "activity" calculation, and spyware discrimination, and is applicable to the inducement-based detection of several types of spyware. Experimental results show that SDMIM achieves a detection accuracy of 95.98% on a sample set containing five different types of spyware.
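The three-phase flow the abstract describes (filter inducement operations on known samples, compute each program's "activity" under the selected inducements, then discriminate on that score) can be modelled in a few dozen lines. The block below is an added toy example, not the paper's SDMIM implementation: the operation names (`keyboard_input`, `clipboard_write`, `file_open`), the smoothed call-count ratio used as the "activity" measure, the thresholds, and all API-call counts are constructed assumptions chosen so that the file-open operation is correctly filtered out because benign editors react to it more strongly than spyware does.

```python
"""Toy model of inducement-based spyware detection in three phases.

Added example with assumed operation names, an assumed 'activity' formula and
constructed API-call counts; it is not the paper's SDMIM implementation.
"""
from dataclasses import dataclass, field
from statistics import mean

# Candidate inducement operations (assumed names) and inducement strengths,
# read here as the number of times the operation is repeated in the window.
OPERATIONS = ("keyboard_input", "clipboard_write", "file_open")
STRENGTHS = (1, 2, 3)

SEPARATION = 2.0          # phase 1: spyware activity must be >= 2x benign activity
DECISION_THRESHOLD = 3.0  # phase 3: a score at or above this is judged spyware


@dataclass
class Sample:
    """API-call counts observed in a fixed monitoring window (constructed data)."""
    name: str
    baseline_calls: int                                 # calls with no inducement applied
    induced_calls: dict = field(default_factory=dict)   # (op, strength) -> calls


def activity(sample, op, strength):
    """Assumed 'activity' measure: smoothed ratio of induced to baseline call counts.
    An unrecorded (op, strength) pair is treated as no reaction (ratio 1.0)."""
    induced = sample.induced_calls.get((op, strength), sample.baseline_calls)
    return (induced + 1) / (sample.baseline_calls + 1)


def filter_operations(spyware, benign):
    """Phase 1: keep operations that raise known spyware's activity clearly more
    than benign software's, and pick the most separating strength per operation."""
    selected = {}
    for op in OPERATIONS:
        best = None
        for s in STRENGTHS:
            spy_mean = mean(activity(x, op, s) for x in spyware)
            ben_mean = mean(activity(x, op, s) for x in benign)
            ratio = spy_mean / ben_mean
            if ratio >= SEPARATION and (best is None or ratio > best[1]):
                best = (s, ratio)
        if best is not None:
            selected[op] = best[0]
    return selected


def activity_score(sample, selected):
    """Phase 2: the strongest reaction of the sample to any selected inducement."""
    return max(activity(sample, op, s) for op, s in selected.items())


def is_spyware(sample, selected):
    """Phase 3: discriminate on the activity score."""
    return activity_score(sample, selected) >= DECISION_THRESHOLD


# Constructed training samples: the keylogger reacts to keystrokes, the clipboard
# stealer to clipboard writes, while the benign editor reacts mostly to file opens.
KNOWN_SPYWARE = [
    Sample("keylogger", 3, {
        ("keyboard_input", 1): 12, ("keyboard_input", 2): 30, ("keyboard_input", 3): 60,
        ("clipboard_write", 1): 3, ("clipboard_write", 2): 3, ("clipboard_write", 3): 4,
        ("file_open", 1): 2, ("file_open", 2): 4, ("file_open", 3): 3}),
    Sample("clipboard_stealer", 2, {
        ("keyboard_input", 1): 2, ("keyboard_input", 2): 3, ("keyboard_input", 3): 2,
        ("clipboard_write", 1): 15, ("clipboard_write", 2): 28, ("clipboard_write", 3): 50,
        ("file_open", 1): 3, ("file_open", 2): 2, ("file_open", 3): 3}),
]
KNOWN_BENIGN = [
    Sample("text_editor", 5, {
        ("keyboard_input", 1): 8, ("keyboard_input", 2): 10, ("keyboard_input", 3): 12,
        ("clipboard_write", 1): 6, ("clipboard_write", 2): 7, ("clipboard_write", 3): 7,
        ("file_open", 1): 20, ("file_open", 2): 22, ("file_open", 3): 24}),
    Sample("idle_service", 4, {
        ("keyboard_input", 1): 4, ("keyboard_input", 2): 4, ("keyboard_input", 3): 5,
        ("clipboard_write", 1): 4, ("clipboard_write", 2): 5, ("clipboard_write", 3): 4,
        ("file_open", 1): 5, ("file_open", 2): 4, ("file_open", 3): 5}),
]

# Constructed unknown samples, monitored only under the inducements kept by phase 1.
UNKNOWN = [
    Sample("suspect_a", 3, {("keyboard_input", 3): 45, ("clipboard_write", 3): 4}),
    Sample("suspect_b", 6, {("keyboard_input", 3): 14, ("clipboard_write", 3): 8}),
]


def run_demo():
    """Run all three phases and return {name: (rounded score, verdict)}."""
    selected = filter_operations(KNOWN_SPYWARE, KNOWN_BENIGN)
    return {s.name: (round(activity_score(s, selected), 2), is_spyware(s, selected))
            for s in UNKNOWN}


if __name__ == "__main__":
    print("selected inducements:", filter_operations(KNOWN_SPYWARE, KNOWN_BENIGN))
    print(run_demo())
```

With these constructed counts, phase 1 keeps `keyboard_input` and `clipboard_write` at strength 3 and drops `file_open`, since the benign editor's reaction to file opens outweighs the spyware's; `suspect_a` is then flagged (score 11.5) and `suspect_b` is not (score 2.14). The obvious limitation, which also motivates the paper's operation-filtering phase, is that spyware whose trigger is not covered by any selected inducement keeps a low score and is missed.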