摘要
近年来,随着APT事件的不断曝光,恶意代码的追踪溯源逐渐成为了研究热点.在恶意代码攻击越来越有组织性和目的性的新形势下,定义恶意代码同源性的概念,对现有的恶意代码同源性分析中的特征提取技术进行了分析和总结,根据恶意代码同源性分析的特点,选取了恶意代码多个层次上的关键特征,提出一个基于动态BP神经网络的恶意代码同源性方法.该方法利用动态和静态相结合的方法,提取恶意代码的关键特征并比较不同的样本间这些特征的相似性,以此为输入利用动态BP神经网络算法得到同源性分析结果.实验结果表明,经过实际样本集的训练,该方法能够有效地判别恶意代码之间的同源性.
Recently, with the exposure of many advanced persistent threat (APT) events, the trace back of malware is gradually be- coming a research hotspot. Aiming at the situations that the malware attacks are more and more organized and goal-directed,the con- cept of malware homology is defined and the techniques of feature extraction in the existing malicious code homology analysis are analyzed and summarized. According to the characteristics of the homology analysis of malicious code, the key features of the malicious code are selected on multiple levels and a method of malware homology analysis based on dynamic back-propagation ( BP ) neural net-work is put forward. This method extracts the key feature of malicious code from the dynamic and static method and compares these characteristics between different samples. Then this result is inputted to the dynamic back-propagation algorithm to get the homology a- nalysis result. The experiments demonstrate that,with the training of the actual malware samples, the proposed method could estimate the malware homology effectively.
出处
《小型微型计算机系统》
CSCD
北大核心
2016年第11期2527-2531,共5页
Journal of Chinese Computer Systems
基金
国家保密局科研基金项目(BMKY2013B03-1)资助
