摘要
根据典型病毒的行为特征,提取病毒程序的系统API调用序列,用来分类量化病毒的程序行为。模糊分类后建立病毒行为特征库,对可疑程序进行模糊模式匹配。模拟中选取了3种典型计算机病毒样本,在不同阈值下对20个程序进行检测,结果表明,有效识别率可达90%。
The behavior characteristics of the typical virus are analyzed. The sequence of system API calls was used to measure the behavior of virus programs. After the classification by Fuzzy Pattern on the behavior of virus programs, the set of the virus behavior characteristic was constructed. Matching the suspicious programs to the set by the method of Fuzzy Pattern Recognition, 20 programs are detected under different threshold values. The results show that the best accurate rate can reach 90 %.
出处
《青岛大学学报(自然科学版)》
CAS
2007年第4期69-72,共4页
Journal of Qingdao University(Natural Science Edition)
关键词
计算机病毒
程序行为
系统调用
模糊识别
computer viruses
program behavior
system calls
fuzzy recognition
