The characteristics of host state changes before and after the execution of unknown malicious programs were analyzed, and a novel host-characteristics-based dynamic recognition system for unknown malicious programs was developed using virtual execution technology. All suspicious programs were redirected into a special sandbox and executed there. Unknown malicious programs were recognized by monitoring in real time and deeply analyzing the files, registry, processes, services and network systems of the virtual hosts in the sandboxes. Next, according to the real-time records made during the execution of the unknown malicious programs, early warning strategies were produced to protect the files of the real-world scenarios from being altered or attacked. Experimental results show that the accuracy of this system for recognizing unknown malicious programs has been improved significantly. Hence, it can prevent the smart grid from being attacked by unknown malicious programs with high efficiency.
Computer and Modernization
unknown malicious programs