Behavior detection of malware based on combination of API function and its parameters (cited by: 17)
Abstract: This paper proposes a more flexible and extensible method based on finer-grained run-time features: API function call names, the input parameters of API functions, and the combination of the two. After extracting these three categories of features, it uses entropy from information theory to define the concept of an information gain value for malicious code, computes the information gain value of each API and its parameters in distinguishing malware from benign software, and then selects the features with the highest recognition rate, reducing the number of features and thus the analysis time. Experiments show that the small number of selected features and the higher recognition rate make the detection method based on API functions combined with their parameters clearly superior to current mainstream recognition algorithms based on API sequences.
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University core journal list, 2013, No. 11, pp. 3407-3410, 3425 (5 pages)
Funding: National Natural Science Foundation of China (61272003, 61272405)
Keywords: malware detection; behavior-based detection; API call names; input parameters; information gain value
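The abstract describes the core of the method: extract API names, API parameters and name/parameter pairs from run-time traces, score each feature by its information gain for the malware/benign label, and keep only the highest-scoring ones. The following is an added example, not code from the paper, that carries that procedure through on a small constructed set of labelled traces; the API names, paths and registry key are constructed sample values, and the function names (`extract_features`, `information_gain`, `rank_features`) are this example's own.

```python
import math
from collections import Counter

# Constructed sample traces (not from the paper): each sample is a label plus the
# list of (api_name, parameter) calls observed while the program ran.
RUN_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
SAMPLES = [
    ("malware", [("CreateFile", "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"),
                 ("RegSetValueEx", RUN_KEY), ("InternetOpenUrl", "http://198.51.100.7/a.bin")]),
    ("malware", [("CreateFile", "C:\\Windows\\Temp\\svc.dll"),
                 ("RegSetValueEx", RUN_KEY), ("CreateRemoteThread", "explorer.exe")]),
    ("malware", [("CreateFile", "C:\\Users\\u\\AppData\\Roaming\\x.exe"),
                 ("RegSetValueEx", RUN_KEY), ("InternetOpenUrl", "http://198.51.100.7/b.bin")]),
    ("malware", [("CreateFile", "C:\\ProgramData\\t.dll"),
                 ("RegSetValueEx", RUN_KEY), ("CreateRemoteThread", "svchost.exe")]),
    ("benign",  [("CreateFile", "C:\\Users\\u\\Documents\\report.docx"), ("WriteFile", "report.docx")]),
    ("benign",  [("CreateFile", "C:\\Users\\u\\Documents\\notes.txt"),
                 ("RegSetValueEx", "HKCU\\Software\\Editor\\RecentFiles")]),
    ("benign",  [("CreateFile", "C:\\Users\\u\\Downloads\\setup.log"),
                 ("InternetOpenUrl", "https://updates.example.invalid/manifest")]),
    ("benign",  [("CreateFile", "C:\\Users\\u\\Pictures\\img.png"), ("WriteFile", "img.png")]),
]


def extract_features(calls):
    """Return the three feature kinds the abstract names: API name alone,
    parameter alone, and the API/parameter combination."""
    feats = set()
    for api, param in calls:
        feats.add(f"api:{api}")
        feats.add(f"param:{param}")
        feats.add(f"combo:{api}({param})")
    return feats


def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(samples, feature):
    """IG(feature) = H(label) - sum over {present, absent} of p(v) * H(label | v)."""
    present = [lab for lab, calls in samples if feature in extract_features(calls)]
    absent = [lab for lab, calls in samples if feature not in extract_features(calls)]
    n = len(samples)
    conditional = sum(len(part) / n * entropy(part) for part in (present, absent) if part)
    return entropy([lab for lab, _ in samples]) - conditional


def rank_features(samples, top_k):
    """Score every feature seen in the corpus and keep the top_k by information gain;
    this is the feature-reduction step that shortens analysis time."""
    universe = set()
    for _, calls in samples:
        universe |= extract_features(calls)
    scored = [(f, information_gain(samples, f)) for f in universe]
    scored.sort(key=lambda fg: (-fg[1], fg[0]))
    return scored[:top_k]


if __name__ == "__main__":
    for feat, gain in rank_features(SAMPLES, 5):
        print(f"{gain:.3f}  {feat}")
```

Running the block shows the effect the abstract reports: `api:CreateFile` appears in every trace and scores 0 bits, `api:RegSetValueEx` alone scores about 0.55 bits because a benign editor also writes a registry value, while the combination `combo:RegSetValueEx(HKLM\...\Run)` separates the two classes perfectly on this set (1 bit). On a corpus this small the gain values are of course overfitted to the constructed traces; the ranking logic is what carries over to a real corpus.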
References: 17
Co-cited literature: 120
Citing literature: 17

Second-level citing literature: 41
