
Malicious Code Detection Method Based on Weighted Information Gain (cited by: 9)
Abstract: Using data mining technology to detect malicious code, this paper proposes a feature selection method based on weighted information gain. The method selects effective features more accurately by combining the advantages of information gain with classwise frequency. A malicious code detection system is implemented that adopts binary N-gram and variable-length N-gram as the feature extraction methods and weighted information gain as the feature selection method. Several classifiers are used to detect malicious code in the system. Experimental results prove that this method can effectively improve the detection rate and accuracy rate.

Source: 《计算机工程》 (Computer Engineering), indexed in CAS, CSCD and 北大核心 (Peking University Core Journals), 2010, Issue 6, pp. 149-151 (3 pages)

Funding: supported by the National "863" Program (2006AA01Z449)

Keywords: data mining; variable-length N-gram; feature selection; information gain

References (5)

  • 1. Schultz M G, Eskin E, Zadok E, et al. Data Mining Methods for Detection of New Malicious Executables[C]//Proc. of the IEEE Symposium on Security and Privacy. Oakland, California, USA: IEEE Press, 2001: 38-49.
  • 2. Assaleh T A, Cercone N, Keselj V, et al. Detection of New Malicious Code Using N-grams Signatures[C]//Proc. of the 2nd Annual Conference on Privacy, Security and Trust. Ontario, Canada: [s. n.], 2004: 193-196.
  • 3. Kolter J Z, Maloof M A. Learning to Detect and Classify Malicious Executables in the Wild[J]. Journal of Machine Learning Research, 2006, 7: 2721-2744.
  • 4. Reddy D S, Dash S K, Pujari A K. New Malicious Code Detection Using Variable Length N-grams[C]//Proc. of the 2nd International Conference on Information Systems Security. Kolkata, India: [s. n.], 2006: 276-288.
  • 5. Cohen P, Heeringa B, Adams N M. An Unsupervised Algorithm for Segmenting Categorical Time Series into Episodes[C]//Proc. of the ESF Exploratory Workshop on Pattern Detection and Discovery. London, UK: [s. n.], 2002: 49-62.
