摘要
木马病毒检测是保证计算机网络安全的关键。针对此问题,提出了一种基于网络行为分析的木马病毒检测方法。首先,提取变长度N-Gram特征作为木马行为特征;其次,针对N-Gram特征存在的冗余问题,采用信息增益进行筛选,提高特征对木马检测的针对性;最后,构建了一个基于支持向量机的木马病毒检测分类器。仿真实验结果表明,提出的检测方法能够有效检测各类木马病毒程序,且各项检测指标均优于目前检测方法。
Trojan detection is the key to ensuring computer network security.Aiming at this prob-lem,a detection method of Trojan virus based on network behavior analysis is proposed.Firstly,the variable length N-Gram feature is extracted as a Trojan behavior feature.Then,based on the redun-dancy problem of N-Gram features,the information gain is used to filter and improve the pertinence of features on Trojan detection.Finally,a Trojan virus detection classifier based on support vector machine is constructed.The simulation results show that the proposed detection method can effec-tively detect all kinds of Trojan virus programs,and the detection indicators are better than the cur-rent detection methods.
作者
黄学强
HUANG Xue-qiang(Beihai Radio and Television,Beihai 536000,Guangxi Province,China)
出处
《信息技术》
2019年第12期86-90,共5页
Information Technology