关键词: 恶意程序, 网络驱动, 通信检测, 服务提供者接口

Abstract: In allusion to the damage of baleful program for computer users and its fast growth in quantity, a detection system based on network communication behavior data of one program was proposed. A detection model of suspicious communication behavior based on difference contrast was emphasized. The cooperative work diagram of each module of the system and program code of critical technology of the system were given. The test result shows that the system can detect network communication, communication process and domain name for one program.

Key words: baleful program, network driver, communication detection, Service Provider Interface (SPI)