Malware visualization and automatic classification with enhanced information density

Cited by: 9
Abstract The development of computer and network technology has caused the amount of malware to grow exponentially every year, posing a serious threat to network security. This paper combines reverse analysis of malicious code with visualization and proposes a method that visualizes the simHash values of the opcode sequences of function blocks in the ".text" section of portable executable (PE) files. The method not only improves the efficiency of malware visualization, but also solves the difficulty of judging the similarity of opcode-sequence simHash values. Experimental results show that the visualization method obtains classification features with enhanced effective information density; compared with traditional malware visualization methods, it is more efficient and its classification results are more accurate.
Authors LIU Yashu; WANG Zhihai; HOU Yueran; YAN Hanbing (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China; School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing 100044, China; Institute of Network Technology, Beijing University of Posts and Telecommunication, Beijing 100876, China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China)
Source Journal of Tsinghua University (Science and Technology), indexed in EI, CAS, CSCD and the Peking University Core Journals list, 2019, Issue 1, pp. 9-14, 6 pages in total
Funding Key Program of the National Natural Science Foundation of China (U1736218); General Program of the National Natural Science Foundation of China (61672086); National Key Research and Development Program of China (2018YFB0803604)
Keywords malware visualization; simHash; image texture