Abstract
With the development of Internet technology, the number of malware samples has increased sharply, posing a serious global threat, and malware detection has therefore become a research focus. Most commercial antivirus products currently rely on signature-based detection; although widely deployed, this method cannot detect previously unknown malware. Machine-learning methods can be used to address this problem. Two kinds of features are commonly used for detection: static features, extracted without executing the sample, and dynamic features, extracted while the malware runs in a controlled environment. Each approach has its own advantages and disadvantages. This paper proposes a malware detection method based on combined features: the opcode sequence frequency vector (obtained statically) and the run-time behavior feature vector of the executable (obtained dynamically) are joined into a new feature vector that is used for detection. Experiments show that this combined feature representation improves on the performance of either feature type used alone.
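The abstract describes the feature construction only in outline. The following is an added illustration of that construction, not code from the paper: it builds an opcode bigram frequency vector (static), a binary behavior indicator vector (dynamic), concatenates them into one hybrid vector, and trains a classifier on each of the three representations so the difference can be observed on a constructed sample. The opcode listings, the sandbox behavior names, the `static_weight` parameter and the nearest-centroid classifier are all assumptions made for the example; the abstract does not state which classifier the paper used.

```python
"""Hybrid static + dynamic feature vectors for malware classification.

Added illustration of the feature construction the abstract describes; not code
from the paper. Opcode listings, behaviour names and the nearest-centroid
classifier are constructed assumptions.
"""
from collections import Counter
from math import sqrt

# Assumed set of behaviours a sandbox report might expose (constructed).
BEHAVIOR_VOCAB = [
    "create_process", "write_file", "registry_set_run_key",
    "network_connect", "delete_self", "load_library",
]


def opcode_ngrams(opcodes, n=2):
    """Sliding window of n consecutive opcodes, e.g. ('push', 'mov')."""
    return [tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)]


def build_ngram_vocab(opcode_listings, n=2):
    """Fixed, sorted n-gram vocabulary so every sample maps to the same dimensions."""
    vocab = set()
    for ops in opcode_listings:
        vocab.update(opcode_ngrams(ops, n))
    return sorted(vocab)


def opcode_frequency_vector(opcodes, vocab, n=2):
    """Static feature: relative frequency of each vocabulary n-gram in the listing.
    N-grams outside the vocabulary are ignored; an empty listing gives all zeros."""
    counts = Counter(opcode_ngrams(opcodes, n))
    total = sum(counts.values())
    if total == 0:
        return [0.0] * len(vocab)
    return [counts.get(g, 0) / total for g in vocab]


def behavior_vector(observed, vocab=BEHAVIOR_VOCAB):
    """Dynamic feature: 1.0 if the behaviour was observed at run time, else 0.0."""
    seen = set(observed)
    return [1.0 if b in seen else 0.0 for b in vocab]


def hybrid_vector(opcodes, observed, ngram_vocab, static_weight=1.0):
    """Concatenate the static and dynamic blocks into one feature vector.
    static_weight (assumed parameter) rescales the frequency block so that the
    0/1 behaviour block does not dominate distance computations."""
    static = [static_weight * x for x in opcode_frequency_vector(opcodes, ngram_vocab)]
    return static + behavior_vector(observed)


def centroid(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def euclid(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class NearestCentroid:
    """Minimal stand-in for the paper's unspecified machine-learning classifier."""

    def __init__(self):
        self.centroids = {}

    def fit(self, vectors, labels):
        for label in sorted(set(labels)):
            self.centroids[label] = centroid([v for v, l in zip(vectors, labels) if l == label])
        return self

    def predict(self, vector):
        return min(self.centroids, key=lambda l: euclid(vector, self.centroids[l]))


# Constructed training corpus: (opcode listing, observed behaviours, label).
TRAINING = [
    (["push", "mov", "xor", "xor", "call", "jmp"],
     ["registry_set_run_key", "network_connect", "delete_self"], "malware"),
    (["xor", "xor", "call", "jmp", "push", "mov"],
     ["network_connect", "registry_set_run_key"], "malware"),
    (["push", "mov", "call", "ret", "pop", "ret"], ["write_file", "load_library"], "benign"),
    (["mov", "push", "call", "ret", "add", "ret"], ["load_library"], "benign"),
]
NGRAM_VOCAB = build_ngram_vocab([ops for ops, _, _ in TRAINING])


def train(feature_fn):
    vectors = [feature_fn(ops, beh) for ops, beh, _ in TRAINING]
    return NearestCentroid().fit(vectors, [label for _, _, label in TRAINING])


def classify_all(opcodes, observed):
    """Label the sample with static-only, dynamic-only and hybrid features."""
    static_clf = train(lambda ops, beh: opcode_frequency_vector(ops, NGRAM_VOCAB))
    dynamic_clf = train(lambda ops, beh: behavior_vector(beh))
    hybrid_clf = train(lambda ops, beh: hybrid_vector(ops, beh, NGRAM_VOCAB))
    return {
        "static": static_clf.predict(opcode_frequency_vector(opcodes, NGRAM_VOCAB)),
        "dynamic": dynamic_clf.predict(behavior_vector(observed)),
        "hybrid": hybrid_clf.predict(hybrid_vector(opcodes, observed, NGRAM_VOCAB)),
    }


if __name__ == "__main__":
    # Constructed sample: code structure resembles the benign listings, but the
    # run-time behaviour matches the malware samples. Static features alone
    # mislabel it; the hybrid vector does not.
    print(classify_all(["push", "mov", "call", "ret", "pop", "ret"],
                       ["registry_set_run_key", "network_connect", "delete_self"]))
```

Because the frequency block holds values well below 1 while the behavior block is 0/1, a plain concatenation lets the dynamic features dominate any distance-based learner; `static_weight` exists to rebalance that, and in practice the two blocks would be normalized or the classifier would learn per-feature weights.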
Source
《信息安全与通信保密》
2016, No. 9, pp. 97-101 (5 pages)
Information Security and Communications Privacy
Keywords
malware detection
static features
dynamic features
opcode sequence frequency vector
behavior feature vector
machine learning