Abstract
Malware detection based on traditional malware signatures has difficulty coping with metamorphic, polymorphic and other malware variation techniques, and its worst-case time complexity during detection is high. To address both problems, this paper takes the API call sequences that malware issues while running in a sandbox and applies the Shapelet idea from time-series data classification to build a malware classification tree that can be used to classify malware. Experimental results show that the method not only copes with malware variation techniques but also shortens malware detection time.
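To make the Shapelet idea concrete on API call sequences, here is an added example (not the paper's own implementation): it assumes a shapelet is a short call subsequence, measures distance as the minimum Hamming distance over equal-length windows, chooses the candidate and threshold with the highest information gain, and shows only the root split of the classification tree; the sandbox traces are constructed sample data.

```python
from collections import Counter
from math import log2

# Constructed sandbox API-call traces, 1 = malicious, 0 = benign; the malicious
# traces share an injection pattern at varying offsets amid padding calls.
TRACES = [
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"], 1),
    (["CreateFile", "ReadFile", "OpenProcess", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"], 1),
    (["Sleep", "Sleep", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "ExitProcess"], 1),
    (["CreateFile", "ReadFile", "CloseHandle"], 0),
    (["RegOpenKey", "RegQueryValue", "CloseHandle"], 0),
    (["CreateFile", "WriteFile", "CloseHandle"], 0),
    (["OpenProcess", "ReadProcessMemory", "CloseHandle"], 0),
]

def entropy(labels):
    n = len(labels)  # Shannon entropy of a label list; 0 for an empty branch
    return -sum(c / n * log2(c / n) for c in Counter(labels).values()) if n else 0.0

def distance(seq, shapelet):
    # Assumed distance: min Hamming distance to any equal-length window of seq
    k = len(shapelet)  # (a trace shorter than the shapelet gets the worst case, k)
    return min((sum(a != b for a, b in zip(seq[i:i + k], shapelet))
                for i in range(len(seq) - k + 1)), default=k)

def info_gain(dists, labels, thr):
    # Tree-node split criterion: information gain of the split "distance <= thr"
    n = len(labels)
    parts = [[lab for d, lab in zip(dists, labels) if (d <= thr) == side] for side in (True, False)]
    return entropy(labels) - sum(len(p) / n * entropy(p) for p in parts)

def best_shapelet(traces, min_len=2, max_len=3):
    """Score every subsequence of every trace as a candidate shapelet; return
    (gain, shapelet, threshold) of the best split (first candidate wins ties)."""
    seqs = [s for s, _ in traces]
    labels = [lab for _, lab in traces]
    best = (-1.0, None, None)
    for seq in seqs:
        for k in range(min_len, max_len + 1):
            for i in range(len(seq) - k + 1):
                cand = tuple(seq[i:i + k])
                dists = [distance(s, cand) for s in seqs]
                for thr in sorted(set(dists)):
                    gain = info_gain(dists, labels, thr)
                    if gain > best[0]:
                        best = (gain, cand, thr)
    return best

def classify(seq, shapelet, thr):
    # One tree node: a trace within thr of the shapelet takes the malicious branch
    return 1 if distance(seq, shapelet) <= thr else 0
```

A full classification tree would recurse on each branch with its own shapelet; the single comparison per node is what keeps the detection-time cost low once the tree is built.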
Authors
李云春
鲁文涛
李巍
LI Yunchun;LU Wentao;LI Wei(School of Computer Science and Engineering, Beihang University, Beijing 100191, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2018, No. 3, pp. 70-77 (8 pages)
Netinfo Security
Funding
National Natural Science Foundation of China [2016YFB1000304]