Abstract
Given the large number of malicious programs in the Windows environment and the difficulty of telling them apart, and in order to improve the ability to identify malicious programs, this paper combines program behaviour analysis with machine learning to design a malware detection system. The collected program samples are analysed dynamically, and two kinds of system call sequences are extracted as sample features. These serve as input data for supervised training of a machine learning classifier, so that it can distinguish malicious behaviour from normal behaviour, pass judgement on the nature of unknown programs, and thereby identify malicious programs efficiently. The results show that satisfactory classification ability can be reached after a relatively short period of training, and also indicate that machine learning has broad application prospects for judging the nature of program behaviour.
Because of the large number of malware samples in the Windows operating system, which cannot be easily recognized, this paper designs a malware detection system using program behavior analysis and machine learning to improve the recognition ability and effect for malware. Through dynamic analysis of the samples, two kinds of API (application programming interface) sequences of the samples have been obtained. Using these as input, supervised learning has been carried out so that the classifier can distinguish malware from benign programs, and the system gains the ability to recognize the nature of unknown programs. As a result, it can identify malware more effectively. The results showed that after a short period of training the system had obtained satisfactory ability, and that machine learning could be widely used for judging the nature of programs.
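The abstract describes the pipeline only in outline: dynamic traces are turned into system call sequence features, a classifier is trained on labelled samples, and unknown programs are then judged. The following is an added illustration, not code from the paper, and the concrete choices are assumptions of mine: unigram plus bigram counts over the call sequence as the feature representation, and a multinomial naive Bayes classifier with Laplace smoothing implemented in pure Python. The traces are constructed by hand for the example and are not real sandbox output; in practice the sequences would come from the dynamic analysis stage.

```python
"""Toy version of the pipeline from the abstract: system call sequences -> n-gram features
-> supervised classifier -> label for an unknown trace.  Example code, not the paper's."""
from collections import Counter
import math

# Constructed training traces (hypothetical, labelled by hand for the example).
TRAINING = [
    (["NtCreateFile", "NtReadFile", "NtClose"], "benign"),
    (["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtClose"], "benign"),
    (["NtCreateFile", "NtWriteFile", "NtClose"], "benign"),
    (["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx"], "malicious"),
    (["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx", "NtClose"], "malicious"),
    (["NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtProtectVirtualMemory", "NtCreateThreadEx"], "malicious"),
]

# Constructed held-out traces used only to measure accuracy after training.
HELDOUT = [
    (["NtOpenFile", "NtReadFile", "NtClose"], "benign"),
    (["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"], "malicious"),
]


def ngrams(trace, n=2):
    """Feature set for one trace: every call name plus every n consecutive calls joined by '|'.
    The bigrams capture ordering, which a bag of single calls would lose."""
    feats = list(trace)
    feats += ["|".join(trace[i:i + n]) for i in range(len(trace) - n + 1)]
    return feats


class ApiSequenceNB:
    """Multinomial naive Bayes over n-gram features with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_counts = Counter()   # label -> number of training traces
        self.feature_counts = {}        # label -> Counter of feature occurrences
        self.vocab = set()              # every feature seen in training

    def fit(self, samples):
        for trace, label in samples:
            self.class_counts[label] += 1
            counts = self.feature_counts.setdefault(label, Counter())
            for feat in ngrams(trace):
                counts[feat] += 1
                self.vocab.add(feat)
        return self

    def log_prob(self, trace, label):
        """log P(label) + sum of log P(feature | label); unseen features get smoothed mass."""
        total = sum(self.class_counts.values())
        logp = math.log(self.class_counts[label] / total)
        counts = self.feature_counts[label]
        denom = sum(counts.values()) + self.alpha * len(self.vocab)
        for feat in ngrams(trace):
            logp += math.log((counts[feat] + self.alpha) / denom)
        return logp

    def log_odds(self, trace):
        """Positive means the trace looks more like the malicious class than the benign one."""
        return self.log_prob(trace, "malicious") - self.log_prob(trace, "benign")

    def predict(self, trace):
        return max(self.class_counts, key=lambda label: self.log_prob(trace, label))


def train_model(samples=TRAINING):
    return ApiSequenceNB().fit(samples)


def evaluate(model, samples):
    """Fraction of labelled traces the model classifies correctly."""
    correct = sum(1 for trace, label in samples if model.predict(trace) == label)
    return correct / len(samples)


if __name__ == "__main__":
    model = train_model()
    print("held-out accuracy:", evaluate(model, HELDOUT))
    unknown = ["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"]
    print(unknown, "->", model.predict(unknown), "log-odds %.2f" % model.log_odds(unknown))
```

The six training traces are far too few for a real detector; the point is the shape of the pipeline. With a real sample set the same code would be fed traces from the sandbox, and the held-out split is what the abstract's "short period of training" claim would be measured against.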
Source
《重庆邮电大学学报(自然科学版)》
CSCD
Peking University Core Journal (北大核心)
2014, No. 6, pp. 778-784 (7 pages)
Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition)