Botnets - The killer web applications

www.syngress.com
Botnet Detection: Tools and Techniques • Chapter 5, page 165


menting other elements of integrity management, is a technique called heuristic analysis.
TIP: Integrity detection is a term generally used as a near-synonym for change detection, though it might suggest more sophisticated approaches. Integrity management is a more generalized concept and suggests a whole range of associated defensive techniques such as sound change management, strict access control, careful backup systems, and patch management. Many of the tools described here can be described as integrity management tools, even though they aren't considered change/integrity detection tools.
Heuristic analysis (used here in its antivirus sense, though spam management tools often apply a similar methodology) is a term for a rule-based scoring system applied to code that doesn't provide a definite match to known malware. Program attributes that suggest possible malicious intent each add to the program's score, and a score above the configured threshold triggers a detection; a program that scores below the threshold has not been cleared, it has merely not been flagged. The term derives from a Greek root meaning to discover and has the more general meaning of a rule of thumb or an informed guess. Advanced heuristics use a variety of inspection and emulation techniques to assess the likelihood that a program is malicious, but there is a trade-off: the more aggressive the heuristic, the higher the risk of false positives (FPs). For this reason, commercial antivirus software often offers a choice of settings, from no heuristics (detection based on exact or near-exact identification) to moderate heuristics or advanced heuristics.
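A minimal rule-based scorer of the kind described above, as an added example (not code from the book; the attribute names, weights, thresholds and sample programs are all constructed for illustration). Each suspicious attribute adds its weight to the score, exact identification always runs first, and the chosen setting fixes the threshold, so the same benign installer passes at "moderate" and becomes a false positive at "advanced", while an unanalysed variant is missed only when heuristics are off.

```python
"""Rule-based heuristic scoring with selectable aggressiveness.

Added example; not code from the book. Each attribute a scanner might
extract from a program carries a weight; the weights add up to a score,
and the score is compared with a threshold set by the user's choice of
"none", "moderate" or "advanced" heuristics. The attribute names, weights,
thresholds and sample programs are all constructed for illustration.
"""
import hashlib

# Constructed weights for suspicious static attributes. A real product
# derives these from its own analysis corpus.
HEURISTIC_RULES = {
    "packed_or_high_entropy_section": 3,   # packing defeats exact matching
    "irc_command_strings": 4,              # PRIVMSG/JOIN/NICK inside a binary
    "disables_av_or_firewall": 4,
    "self_modifying_code": 3,
    "writes_to_run_key": 3,                # autostart persistence; installers do this too
    "connects_to_hardcoded_ip": 2,
    "imports_networking_api": 1,           # very common in benign software
    "no_version_info": 1,
}

# Threshold per setting. None switches heuristics off: only exact
# identification of an already-analysed sample counts.
THRESHOLDS = {"none": None, "moderate": 8, "advanced": 4}

# Constructed stand-in for an analysed bot sample and its exact signature.
KNOWN_BOT_BYTES = b"constructed bytes of an analysed bot sample"
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_BOT_BYTES).hexdigest()}

# Constructed samples: bytes plus the attributes a static scan found.
SAMPLES = [
    {"name": "known_bot.exe", "malicious": True, "bytes": KNOWN_BOT_BYTES,
     "attributes": ["irc_command_strings", "writes_to_run_key"]},
    {"name": "new_variant.exe", "malicious": True, "bytes": b"unanalysed variant",
     "attributes": ["packed_or_high_entropy_section", "irc_command_strings",
                    "writes_to_run_key", "connects_to_hardcoded_ip"]},   # score 12
    {"name": "vendor_installer.exe", "malicious": False, "bytes": b"benign installer",
     "attributes": ["writes_to_run_key", "imports_networking_api",
                    "no_version_info"]},                                  # score 5
    {"name": "editor.exe", "malicious": False, "bytes": b"benign editor",
     "attributes": ["no_version_info"]},                                  # score 1
]


def heuristic_score(attributes):
    """Sum the weights of the suspicious attributes present in a program."""
    return sum(HEURISTIC_RULES.get(attr, 0) for attr in attributes)


def classify(sample, setting):
    """Return 'known-malware', 'heuristic-detection' or 'not-detected'.

    Exact identification always runs first; heuristics only decide the
    samples that have no definite match to known malware.
    """
    if hashlib.sha256(sample["bytes"]).hexdigest() in KNOWN_BAD_HASHES:
        return "known-malware"
    threshold = THRESHOLDS[setting]
    if threshold is None:
        return "not-detected"
    if heuristic_score(sample["attributes"]) >= threshold:
        return "heuristic-detection"
    return "not-detected"


def evaluate(setting, samples=SAMPLES):
    """Count detections, misses and false positives for one setting."""
    detected = missed = false_positives = 0
    for sample in samples:
        flagged = classify(sample, setting) != "not-detected"
        if sample["malicious"]:
            if flagged:
                detected += 1
            else:
                missed += 1
        elif flagged:
            false_positives += 1
    return {"detected": detected, "missed": missed,
            "false_positives": false_positives}


if __name__ == "__main__":
    for setting in THRESHOLDS:
        print(f"{setting:>8}: {evaluate(setting)}")
```

The verdict deliberately reads "not-detected" rather than "clean": a sub-threshold score says nothing about the program beyond the rules that were checked, which is the reason the "none" setting still misses the unanalysed variant entirely.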
Antivirus vendors use other techniques to generalize detection. Generic signatures, for instance, exploit the fact that malicious programs and their variants have a strong family resemblance (in fact, we actually talk about virus and bot families in this context) to detect groups of variants rather than using a single definition for each member of the group. This has an additional advantage: there's a good chance that a generic signature will also catch a brand-new variant of a known family, even before that particular variant has been analyzed by the vendor, as long as the new variant keeps the code the signature keys on.
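The contrast between one definition per analysed sample and one signature per family, as an added example (not code from the book; the byte sequences, stub layout and family names are constructed). An exact signature is a hash of each analysed sample, so it cannot match anything it has not seen; the generic signature keys on the stub the whole family shares and wildcards the one byte that differs per variant, so it also matches an unseen variant. It also shows a caveat worth knowing when the wildcard is a regex: without re.DOTALL the wildcard does not match byte 0x0a.

```python
"""Exact-identification signatures versus a generic (family) signature.

Added example, not the book's code. The byte sequences are constructed: a
short stub that a hypothetical bot family shares, in which one key byte and
a four-byte C&C address differ from variant to variant.
"""
import hashlib
import re

# Constructed shared stub, split around the per-variant key byte.
STUB_HEAD = b"\x55\x8b\xec\x83\xec\x10\xb0"
STUB_TAIL = b"\x30\x04\x0e\x41\x3b\xca\x75\xf8"


def build_variant(key, cnc):
    """Assemble a constructed family member: shared stub plus its own key and C&C bytes."""
    return STUB_HEAD + key + STUB_TAIL + b"CNC:" + cnc


VARIANT_A = build_variant(b"\x3a", b"\x0a\x00\x02\x05")    # analysed by the vendor
VARIANT_B = build_variant(b"\x7c", b"\xc0\xa8\x01\x09")    # analysed by the vendor
NEW_VARIANT = build_variant(b"\x0a", b"\x0a\x00\x02\x07")  # not yet analysed; key byte is 0x0a
BENIGN = b"\x55\x8b\xec\x83\xec\x10" + b"ordinary program text"  # shares only a common prologue

# Exact identification: one definition (here a SHA-256) per analysed sample.
EXACT_SIGNATURES = {
    hashlib.sha256(VARIANT_A).hexdigest(): "Bot.Family.A",
    hashlib.sha256(VARIANT_B).hexdigest(): "Bot.Family.B",
}

# Generic signature: the shared stub with the varying byte wildcarded.
# re.DOTALL makes "." match 0x0a as well; without it the pattern silently
# misses any variant whose key byte happens to be a newline.
GENERIC_PATTERN = re.escape(STUB_HEAD) + b"." + re.escape(STUB_TAIL)
GENERIC_SIGNATURES = {"Bot.Family.gen": re.compile(GENERIC_PATTERN, re.DOTALL)}
NAIVE_GENERIC = re.compile(GENERIC_PATTERN)  # the same pattern without re.DOTALL


def exact_match(sample):
    """Name of the exact definition the sample matches, or None."""
    return EXACT_SIGNATURES.get(hashlib.sha256(sample).hexdigest())


def generic_match(sample):
    """Name of the first generic signature found anywhere in the sample, or None."""
    for name, pattern in GENERIC_SIGNATURES.items():
        if pattern.search(sample):
            return name
    return None


def scan(sample):
    """Exact identification first, then generic detection, else 'clean'."""
    return exact_match(sample) or generic_match(sample) or "clean"


def naive_generic_hits(sample):
    """True if the pattern written without re.DOTALL would match the sample."""
    return NAIVE_GENERIC.search(sample) is not None


if __name__ == "__main__":
    for label, sample in [("variant A", VARIANT_A), ("variant B", VARIANT_B),
                          ("new variant", NEW_VARIANT), ("benign", BENIGN)]:
        print(f"{label:>12}: {scan(sample)}")
```

Running it reports the two analysed variants by their exact names, the unseen variant under the generic family name, and the benign program as clean; the benign program shares the first six stub bytes, so the generic pattern must anchor on enough family-specific code that a common compiler prologue alone does not match.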