摘要
木马是目前计算机网络面临的主要安全威胁之一。针对现有木马检测方法的不足,提出了行为分析9ID3决策树相结合的木马动态检测技术,对其原理、算法、实现和性能进行了详细介绍。利用ID3算法对样本进行学习建立的木马判定决策树,根据程序运行时的行为判定其是否为木马。在Windows系统下的实现和测试显示该技术具有较高的准确率。
Trojan is one of the main security threats to computer network. This paper puts forward an improved method to detect Trojan dynamically which combines behavioral analysis with ID3 decision tree, making up the insufficiency of the common methods. This paper describes the principle, algorithm, implementation and performance of this technology in detail, and learns Trojan samples and normal samples using ID3 algorithm, therefore built a decision tree with its results. Finally, the kind of a sample could be judged based on its behaviors when the sample is running. Implementation and experiments have proved that in windows system, this technology could detect Trojan efficiently.
出处
《智能计算机与应用》
2011年第1X期32-34,共3页
Intelligent Computer and Applications
基金
基金项目:973项目(2007CB311101),863项目(2010AA012504),自然科学基金(60903166),中央高校基本科研业务费专项资金资助(HIT.NSRIF.2010041).
关键词
数据挖掘
ID3算法
决策树
木马
动态检测
Data Mining
ID3 Algorithm
Decision Tree
Trojan
Dynamic 13etection