Abstract
To improve detection efficiency and reduce system overhead, this paper proposes a detection mechanism that uses multiple levels of different classifiers to balance accuracy against system overhead. Several independent data sources, such as opcodes, are used as training sets for machine learning. Level 2 is used as the final detection result only when level 1 cannot provide a reliable detection. In addition to examining the permissions an application requests, the association between runtime permissions is studied, and opcode sequences are processed with n-grams. Finally, experiments show that the method reduces overhead while preserving effectiveness, so the proposed method can be used effectively for malicious code detection in unknown applications.
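The abstract describes two ideas that are easy to lose in a summary: opcode sequences turned into n-gram features, and a cascade in which the cheaper level-1 classifier (here, requested permissions and their pairwise co-occurrence) answers alone when it is confident, while the costlier level-2 classifier (opcode n-grams, which requires disassembly) runs only when it is not. The following is an added illustration written for this page, not code from the paper or its authors; the classifier (Laplace-smoothed multinomial naive Bayes), the 0.9 confidence threshold, the feature definitions and every training app are constructed assumptions, and the tiny "training set" exists only to make the control flow of the cascade visible.

```python
"""Two-level cascade for app classification (added example, not the paper's code).

Level 1: naive Bayes over requested permissions plus unordered permission
pairs, so co-occurrence of permissions is itself a feature (cheap: manifest only).
Level 2: naive Bayes over opcode n-grams (costlier: needs disassembly).
Level 2 runs only when level 1's confidence is below THRESHOLD.
All apps, opcode sequences and labels below are constructed sample data.
"""
from collections import Counter
from itertools import combinations
from math import exp, log

THRESHOLD = 0.9  # assumed confidence needed for level 1 to decide alone


def opcode_ngrams(opcodes, n=2):
    """Count the n-grams (as tuples) in an opcode sequence."""
    return Counter(tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1))


def permission_features(perms):
    """Single permissions as 1-tuples plus sorted unordered pairs as 2-tuples."""
    perms = sorted(set(perms))
    feats = Counter((p,) for p in perms)
    feats.update(combinations(perms, 2))
    return feats


class CounterNB:
    """Multinomial naive Bayes over Counter-valued features with Laplace smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.counts = {}        # label -> Counter of feature counts
        self.docs = Counter()   # label -> number of training samples
        self.vocab = set()
        self.totals = {}

    def fit(self, feature_sets, labels):
        for feats, y in zip(feature_sets, labels):
            self.counts.setdefault(y, Counter()).update(feats)
            self.docs[y] += 1
            self.vocab.update(feats)
        self.totals = {y: sum(c.values()) for y, c in self.counts.items()}
        return self

    def predict_proba(self, feats):
        """Posterior per label; normalised in log space to avoid underflow."""
        n_docs = sum(self.docs.values())
        v = len(self.vocab)
        logp = {}
        for y, cnt in self.counts.items():
            lp = log(self.docs[y] / n_docs)
            denom = self.totals[y] + self.alpha * v
            for f, k in feats.items():
                lp += k * log((cnt[f] + self.alpha) / denom)
            logp[y] = lp
        m = max(logp.values())
        z = sum(exp(lp - m) for lp in logp.values())
        return {y: exp(lp - m) / z for y, lp in logp.items()}


class CascadeDetector:
    def __init__(self, threshold=THRESHOLD, n=2):
        self.threshold, self.n = threshold, n
        self.level1, self.level2 = CounterNB(), CounterNB()

    def fit(self, apps, labels):
        self.level1.fit([permission_features(a["perms"]) for a in apps], labels)
        self.level2.fit([opcode_ngrams(a["opcodes"], self.n) for a in apps], labels)
        return self

    def classify(self, app):
        """Return (label, confidence, level_used); level 2 only if level 1 is unsure."""
        p1 = self.level1.predict_proba(permission_features(app["perms"]))
        label, conf = max(p1.items(), key=lambda kv: kv[1])
        if conf >= self.threshold:
            return label, conf, 1
        p2 = self.level2.predict_proba(opcode_ngrams(app["opcodes"], self.n))
        label, conf = max(p2.items(), key=lambda kv: kv[1])
        return label, conf, 2


# Constructed training apps (hypothetical, for illustration only).
TRAIN_APPS = [
    {"perms": ["INTERNET", "ACCESS_NETWORK_STATE"],
     "opcodes": ["invoke-virtual", "move-result", "if-eqz", "return-void", "const-string", "invoke-virtual"]},
    {"perms": ["INTERNET", "CAMERA"],
     "opcodes": ["const/4", "invoke-static", "move-result-object", "return-object", "invoke-virtual", "move-result"]},
    {"perms": ["INTERNET", "SEND_SMS", "READ_CONTACTS", "RECEIVE_BOOT_COMPLETED"],
     "opcodes": ["const-string", "invoke-static", "move-result-object", "invoke-virtual", "const-string", "invoke-static"]},
    {"perms": ["SEND_SMS", "READ_SMS", "INTERNET"],
     "opcodes": ["invoke-static", "move-result-object", "const-string", "invoke-static", "move-result-object", "invoke-virtual"]},
]
TRAIN_LABELS = ["benign", "benign", "malicious", "malicious"]


def build_detector():
    return CascadeDetector().fit(TRAIN_APPS, TRAIN_LABELS)


if __name__ == "__main__":
    det = build_detector()
    # Permissions alone are ambiguous here, so the cascade falls through to level 2.
    unknown = {"perms": ["INTERNET"],
               "opcodes": ["const-string", "invoke-static", "move-result-object", "invoke-virtual",
                           "const-string", "invoke-static", "move-result-object"]}
    print(det.classify(unknown))
```

The point to take from the structure is where the cost lands: `classify` never touches opcodes unless level 1's posterior falls below the threshold, so the expensive feature extraction is paid only for ambiguous samples, which is the overhead/accuracy trade-off the abstract claims. The threshold is the knob that moves work between the levels; in a real deployment it would be chosen on held-out data rather than fixed at 0.9.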
Authors
Chen Zefeng (陈泽峰), Fang Yong (方勇), Liu Liang (刘亮), Zuo Zheng (左政), Li Shuxia (李抒霞)
Affiliations: Information Security Institute, Sichuan University, Chengdu 610065; College of Cyber Security, Sichuan University, Chengdu 610065
Source
Journal of Information Security Research (《信息安全研究》), 2018, No. 2, pp. 133-139 (7 pages)