摘要
随着互联网技术的发展和安全形势的变化,恶意软件的数量呈指数级增长,恶意软件的变种更是层出不穷,传统的鉴别方法已经不能及时有效的处理这种海量数据,这使得以客户端为战场的传统查杀与防御模式不能适应新的安全需求,各大安全厂商开始构建各自的"云安全"计划。在这种大背景下,研究恶意软件检测关键技术是非常必要的。针对恶意软件数量大、变化快、维度高与干扰多的问题,我们研究云计算环境下的软件行为鉴别技术,探讨海量软件样本数据挖掘新方法、事件序列簇类模式挖掘新模型和算法及在恶意软件鉴别中的应用,并构建面向云安全的恶意软件智能鉴别系统原型以及中文钓鱼网站检测系统架构。
With the development of the Internet technology and the changes of the situation of Internet security,we witness exponential increase of the number of malicious software and their endless variants.Traditional detection methods cannot effectively and timely deal with such mass of malicious software data,making traditional anti-virus platform running on PC client cannot satisfy current security requirements any more,thus some major Internet security venders have been launching their 'cloud security' program.Under such background,it is urgent to develop some new effective and efficient techniques for malware detection.In this paper,we investigate malware detection techniques based on cloud computing,including mining massive software samples,and applying new clustering models/algorithms for event sequences into malware detection,to deal with the critical issues of malware as being of large amount,fast change,highdimension and noise-laden.Furthermore,we propose a prototype of intelligent malware detection system for cloud security.
出处
《集成技术》
2012年第1期55-64,共10页
Journal of Integration Technology
基金
国家自然科学基金(面向软件行为鉴别的事件序列挖掘方法研究
NO.61175123)
深圳市生物
互联网
新能源产业发展专项资金(NO.CXB201005250021A)
关键词
恶意软件鉴别
数据挖掘
特征表征
模型构建
分类集成
事件序列挖掘
malicious software identification
data mining
feature representation
model construction
classifier ensemble
event sequence mining
