Research and implementation of malicious program detection algorithm (cited by: 1)
Abstract: Malicious programs have simple intrusion methods, many ways of hiding, and a fast update rate, while traditional malicious program detection algorithms suffer from a high false alarm rate and a poor ability to track updated malicious programs. To address this, a malicious program detection algorithm based on probability theory and linear superposition was designed. The algorithm consists of a behavior feature extraction module, a behavior feature detection module, and a malicious program output module. The behavior feature extraction module extracts the behavior features of programs in the network under test. The behavior feature detection module then dynamically detects the concrete and hidden behaviors among them and produces a program malicious degree file. The malicious program output module takes the program malicious degree file as input and, according to the designed linear superposition function and depth detection flow chart, detects the malicious programs and outputs them. Experiments show that the designed algorithm has a low false alarm rate and a strong ability to track updated malicious programs.
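Author: LU Tao (College of Information Engineering, Nanning University, Nanning 530200, China)
Source: Modern Electronics Technique (《现代电子技术》), PKU Core journal, 2017, No. 3, pp. 85-88 (4 pages)
Funding: 2015 Guangxi Universities Science and Technology Research Project (KY2015YB533): a multi-channel agricultural production information push platform based on new media technology, serving agricultural production in Yongning District
Keywords: malicious program; detection algorithm; malicious degree file; false alarm rate of detection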
