
A malicious code detection method based on danger theory (cited by: 4)
Abstract: To address the lack of an effective way to fuse features, and of a matching detection method, when detecting malicious code from multi-dimensional features, a feature extraction, fusion and detection method based on danger theory is proposed. The method uses the n-gram algorithm to extract runtime API call sequence features of malicious code, fuses the multiple features into a danger signal and a safe signal, and finally applies the deterministic dendritic cell algorithm to detect malicious code. Experimental results show that, compared with four other detection algorithms (naive Bayes, decision tree, support vector machine and instance-based learning), the proposed method has a lower false negative rate and a lower false positive rate.
Source: Journal of Central South University: Science and Technology (中南大学学报(自然科学版)), 2014, No. 9, pp. 3055-3060 (6 pages); indexed by EI, CAS, CSCD and the Peking University core journal list.
Funding: National Natural Science Foundation of China project (61172083).
Keywords: danger theory; deterministic dendritic cell algorithm; malicious code detection; API call sequence; detection rate.