Abstract
Traditional attack tree models, when applied to malicious code detection, describe behavioral differences inaccurately and quantify harm unreasonably. To address these problems, an improved attack tree detection method is proposed that restructures the attack tree and builds an attack tree text graph, and a hazard weight algorithm is designed, so that the attack behavior of malicious code can be better described and judged. Cloud detection technology is introduced to build a detection system with which the algorithm is validated. The experimental results show that, compared with traditional algorithms, the algorithm markedly improves the detection of malicious code and its variants.
Source
Computer Engineering and Design (《计算机工程与设计》)
CSCD
Peking University Core Journal (北大核心)
2013, Issue 5, pp. 1599-1603, 1608 (6 pages in total)
Funding
National Torch Program Fund Project (EB011224)
Southwest University of Science and Technology Doctoral Fund Project (10ZX7154)
Keywords
improved attack tree
cloud detection
malicious code
behavior detection
hazard weights