Abstract
Malware poses major security risks to today's Internet, and much research has therefore concentrated on malware detection. Many existing detection methods can effectively identify known malware samples, but they are far less effective at recognizing new variants, so new malware variants often go undetected. This paper therefore proposes a malware detection method based on ontology and family graph clustering. First, behavior information is extracted from malicious samples by running them in a configured Cuckoo sandbox; the generated reports are then cleaned and used to construct a behavior description graph for each sample. Finally, the behavior graphs of known malware families are clustered to construct family behavior description graphs, and all information in the resulting graphs is used to build a malware domain ontology according to ontology construction rules, describing separately the behavior ontology of each individual sample and the behavior ontology of each family after graph clustering. Malware is detected and classified on this basis. Experimental results show that, compared with other existing approaches, the method is effective and more accurate.
Authors
高一鹏
黄永忠
GAO Yipeng; HUANG Yongzhong (Guangxi Key Laboratory of Cryptography and Information Security, Guilin University of Electronic Technology, Guilin 541004, China)
Source
Journal of Guilin University of Electronic Technology (《桂林电子科技大学学报》)
2023, No. 3, pp. 246-251 (6 pages)
Funding
Key Project of the Guangdong-Guangzhou Joint Fund of Guangdong Province (2019B1515120085).
Keywords
ontology
sandbox
graph clustering
malware detection