摘要
恶意程序是互联网时代一个非常具有威胁性的安全问题。恶意程序的出现和传播速度的加快,使得对恶意程序的检测变得更加困难。大多数防火墙和防病毒软件都是根据恶意特征、使用一系列特殊字节来识别恶意代码。然而,恶意程序编写者会使用代码混淆技术来躲避这种检测。为此,研究者提出了动态分析方法来检测这种新的恶意程序,但这种方法的时间效率和匹配精度并不令人满意。文中提出了一种有效的恶意行为图构建与匹配算法,包括存储二维关联图的存储方法、行为图的构建方法、行为关联规则的构建方法、行为图解析算法的设计、行为匹配算法等。最后给出了实验分析,证明了该方法具有较高的检测准确率;除Auto类外,其对其他类别恶意程序的识别率都在90%以上。
Malware is a very threatening security problem in the Internet age.Due to the emergence of malicious programs and the speed up of propagation,it becomes more difficult to detect malicious programs.Most firewalls and antivirus software use a special set of bytes to identify malicious code based on malicious characteristics.However,a programmer of malicious program uses code obfuscation techniques to avoid this detection.Therefore,researchers use dynamic analysis method to combat this new malicious program,but the time efficiency and matching accuracy of this method are not satisfactory.This paper proposes an effective malicious behavior graph construction and matching algorithm,including the storage method of two-dimensional association graph,the construction method of behavior graph,the construction method of behavior association rules,the design of behavior graph parser,and the behavior matching algorithm.Finally,experimental verification analysis proves that this method has a high detection a ccuracy rate,except for the AutoRun category,the recognition rates for other types of malware are all above 90%.
作者
王乐乐
汪斌强
刘建港
苗启广
WANG Le-le;WANG Bin-qiang;LIU Jian-gang;MIAO Qi-guang(Institute of Information Technology,Information Engineering University,Zhengzhou 450000,China;Nanjing Information Technology Institute,Nanjing 210000,China;School of Computer Science and Technology,Xidian University,Xi’an 710071,China)
出处
《计算机科学》
CSCD
北大核心
2021年第4期309-315,共7页
Computer Science
关键词
行为图
最小行为
行为关联
行为匹配
Behavior graph
Minimum behavior
Behavior correlation
Behavior matching
