
Boosting Multilevel Features to Detect Obfuscated Malware (cited by: 17)

Obfuscated Malware Detection Based on Boosting Multilevel Features
Abstract: To address the low detection rate of obfuscated malware, an obfuscated-malware detection algorithm based on boosting multilevel features is proposed. After disassembling the obfuscated malware, the algorithm performs static analysis and derives malware-family characteristics along three feature dimensions: the opcode distribution sequence, the function call graph, and the system call sequence graph. Combining statistical and semantic-structural features captures the "behavior" of the malware, and the family of an obfuscated sample is decided by weighted voting over the classification results obtained from the different feature dimensions. Experimental results show that the method achieves high accuracy in detecting obfuscated malware families on the test dataset.
Source: Journal of Software (软件学报), 2011, No. 3, pp. 522-533 (12 pages). Indexed in EI, CSCD, and the Peking University Core Journals list.
Funding: National High Technology Research and Development Program of China (863 Program), grant 2006AA01Z449.
Keywords: malware detection; multi-feature; obfuscation; boosting
Related literature

References: 1

Secondary references: 14


Co-cited literature: 4

Co-citing literature: 177

Citing literature: 17

Secondary citing literature: 71
