
Minimum-distance classification and detection of metamorphic malware

Classification method of metamorphism malware based on minimum distance
Abstract: As metamorphic techniques have emerged and matured, malware attacks have become more complex and better concealed. To detect and analyse metamorphic malware accurately, this paper proposes a classification and detection technique based on minimum distance. The execution behaviour of a sample is extracted and described in terms of its operational semantics; the behavioural features are then quantified, the minimum similarity distance between feature attributes is computed, and the sample is classified and detected on that basis. Experimental results show that the minimum-distance classification algorithm classifies malware quickly and accurately, with an average detection rate above 80%, indicating good detection performance and a basis for further research.
Source: Electronic Design Engineering (电子设计工程), 2016, No. 23, pp. 105-107, 111 (4 pages)
Funding: National Natural Science Foundation of China, Innovative Research Group Project (61521003)
Keywords: malware; metamorphism technology; minimum distance; classification detection
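The abstract gives only the outline of the method (extract behaviour, describe it semantically, quantify features, pick the nearest class by minimum distance). The following is an added worked example that is not the paper's code and does not reproduce its feature definition or distance metric, which the abstract does not state. It assumes a hypothetical API-to-behaviour vocabulary, relative-frequency feature vectors, Euclidean distance to one centroid per family, and constructed training traces and a constructed metamorphic variant; the API names, family names and the `threshold` rejection parameter are all assumptions made for illustration.

```python
# Added worked example (not the paper's code): minimum-distance classification of
# malware behaviour profiles. Everything below is an assumption made for illustration:
# the API-to-semantics vocabulary, the frequency-vector features, Euclidean distance
# to per-family centroids, and the constructed traces used as training data.
import math
from collections import Counter

# Step 1 (operational semantics): map concrete API names to behaviour labels, so that
# metamorphic variants that swap equivalent APIs or insert junk calls collapse to the
# same description. Hypothetical vocabulary chosen for the example.
SEMANTIC_MAP = {
    "CreateFileW": "FILE_OPEN",
    "WriteFile": "FILE_WRITE", "NtWriteFile": "FILE_WRITE",
    "RegSetValueExW": "REG_SET", "RegCreateKeyExW": "REG_SET",
    "connect": "NET_CONNECT", "WSAConnect": "NET_CONNECT", "InternetOpenUrlA": "NET_CONNECT",
    "VirtualAllocEx": "PROC_INJECT", "WriteProcessMemory": "PROC_INJECT",
    "CreateRemoteThread": "PROC_INJECT",
    "CreateProcessW": "PROC_SPAWN",
}
LABELS = sorted(set(SEMANTIC_MAP.values()))  # fixed feature order


def semantic_trace(api_calls):
    """Keep only calls with a known meaning; unmapped calls (junk, timing) are dropped."""
    return [SEMANTIC_MAP[c] for c in api_calls if c in SEMANTIC_MAP]


def feature_vector(api_calls):
    """Step 2 (quantify): relative frequency of each behaviour label."""
    counts = Counter(semantic_trace(api_calls))
    total = sum(counts.values()) or 1  # an all-unmapped trace yields the zero vector
    return [counts[label] / total for label in LABELS]


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(vectors):
    n = len(vectors)
    return [sum(v[i] for v in vectors) / n for i in range(len(LABELS))]


# Constructed training traces (not real samples), two hypothetical families.
TRAINING_SAMPLES = {
    "dropper": [
        ["CreateFileW", "WriteFile", "RegSetValueExW", "CreateProcessW"],
        ["CreateFileW", "WriteFile", "WriteFile", "RegCreateKeyExW", "CreateProcessW"],
    ],
    "injector": [
        ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "connect"],
        ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
         "WSAConnect", "InternetOpenUrlA"],
    ],
}

# Constructed metamorphic variant of the first dropper trace: equivalent APIs
# substituted (NtWriteFile, RegCreateKeyExW) and junk calls inserted.
VARIANT = ["GetTickCount", "CreateFileW", "Sleep", "NtWriteFile",
           "RegCreateKeyExW", "CreateProcessW", "Sleep"]


def build_model(samples=TRAINING_SAMPLES):
    """One centroid per family."""
    return {fam: centroid([feature_vector(t) for t in traces])
            for fam, traces in samples.items()}


def classify(model, api_calls, threshold=None):
    """Step 3: assign the family whose centroid is nearest; optionally reject a sample
    that is farther than `threshold` from every centroid as 'unknown'."""
    v = feature_vector(api_calls)
    family, dist = min(((f, euclidean(v, c)) for f, c in model.items()),
                       key=lambda fd: fd[1])
    if threshold is not None and dist > threshold:
        return "unknown", dist
    return family, dist


if __name__ == "__main__":
    model = build_model()
    print(classify(model, VARIANT))                                   # ('dropper', 0.0866...)
    print(classify(model, ["Sleep", "GetTickCount"], threshold=0.3))  # ('unknown', 0.5074...)
```

The semantic map is what makes the classifier tolerant of metamorphism: API substitution and junk-call insertion leave the feature vector of the variant identical to that of its parent, so the nearest centroid is still the right family. The tolerance is only as good as the vocabulary, however; a variant that adds or removes mapped behaviour moves in feature space, and the rejection threshold trades a lower false-assignment rate for more samples labelled unknown.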
