Author affiliation: [1] College of Computer Science, National University of Defense Technology
Source: Computer Engineering & Science (《计算机工程与科学》), 2007, No. 9, pp. 19-22 (4 pages)
Funding: National Natural Science Foundation of China (60373023); Hunan Provincial Education Department Youth Fund (05B072)
Abstract: Since the first computer virus was discovered, signature scanning has been the basic method of virus detection. The growing complexity of viruses and the appearance of polymorphic (variant) viruses limit how effectively that method can be applied. This paper proposes a general intelligent virus detection method based on the support vector machine (SVM) that does not depend on particular viruses; using an SVM gives the detection system good generalization ability even when the sample size is small. The method is then evaluated using system API function call execution traces as the example feature, and the experimental results are compared with those of other detection methods. The experiments show that the sequence of operating system API calls executed by a running program discriminates well between benign and malicious PE files, that the SVM-based detection system needs less prior knowledge than other methods, and that, at comparable detection performance, its training time is shorter.
Classification code: TP309.5 [Automation and Computer Technology: Computer System Architecture]
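The detection pipeline the abstract describes, as an added worked example that is not the paper's code: Windows API call traces are turned into binary unigram-plus-bigram features, and a linear SVM is trained on them with the Pegasos stochastic sub-gradient method (a plain-Python stand-in for whatever SVM solver the paper used, which the abstract does not name). The traces, the API names in them and the feature design are constructed assumptions for the example, not data or results from the paper.

```python
"""SVM virus classifier over API-call traces (added example, not the paper's code).

A linear SVM is trained with the Pegasos algorithm (stochastic sub-gradient
descent on the hinge loss) over binary unigram+bigram features of Windows API
call traces. The traces below are constructed for illustration and are not
data from the paper."""
from math import sqrt

BENIGN, MALICIOUS = +1, -1


def ngram_features(trace, n=2):
    """Binary feature set: each API name plus each run of n consecutive calls.
    The n-grams keep part of the ordering information in the execution trace."""
    feats = set(trace)
    for k in range(2, n + 1):
        for i in range(len(trace) - k + 1):
            feats.add("->".join(trace[i:i + k]))
    feats.add("__bias__")  # constant feature standing in for the bias term
    return feats


def vectorize(trace):
    """Sparse, L2-normalised feature vector (every sample has unit length)."""
    feats = ngram_features(trace)
    scale = 1.0 / sqrt(len(feats))
    return {f: scale for f in feats}


def dot(w, x):
    return sum(w.get(f, 0.0) * v for f, v in x.items())


def train_pegasos(samples, lam=0.01, epochs=50):
    """Pegasos: w <- (1 - eta*lam) w + eta*y*x when y<w,x> < 1, eta = 1/(lam*t).
    samples: list of (trace, label). The fixed visiting order keeps the run
    deterministic; production training would shuffle every epoch."""
    data = [(vectorize(trace), y) for trace, y in samples]
    w, t = {}, 0
    for _ in range(epochs):
        for x, y in data:
            t += 1
            eta = 1.0 / (lam * t)
            shrink = 1.0 - eta * lam  # regularisation step
            for f in w:
                w[f] *= shrink
            if y * dot(w, x) < 1.0:  # margin violated: hinge sub-gradient step
                for f, v in x.items():
                    w[f] = w.get(f, 0.0) + eta * y * v
    return w


def predict(w, trace):
    return BENIGN if dot(w, vectorize(trace)) >= 0.0 else MALICIOUS


def accuracy(w, samples):
    return sum(predict(w, trace) == y for trace, y in samples) / len(samples)


# Constructed training traces: the benign tools do console, file and dialog
# work; the malicious ones inject into a process, set Run-style registry
# values, enumerate and overwrite files, or download and execute a payload.
TRAIN = [
    (["GetCommandLineW", "GetStdHandle", "CreateFileW", "ReadFile", "WriteFile",
      "CloseHandle", "ExitProcess"], BENIGN),
    (["GetModuleHandleW", "LoadLibraryW", "GetProcAddress", "MessageBoxW",
      "ExitProcess"], BENIGN),
    (["GetOpenFileNameW", "CreateFileW", "ReadFile", "CloseHandle", "MessageBoxW",
      "ExitProcess"], BENIGN),
    (["GetStdHandle", "WriteConsoleW", "GetTickCount", "Sleep", "WriteConsoleW",
      "ExitProcess"], BENIGN),
    (["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
      "CloseHandle"], MALICIOUS),
    (["RegOpenKeyExW", "RegSetValueExW", "RegCloseKey", "CopyFileW", "CreateMutexW",
      "ExitProcess"], MALICIOUS),
    (["FindFirstFileW", "FindNextFileW", "CreateFileW", "WriteFile", "CloseHandle",
      "FindNextFileW", "FindClose"], MALICIOUS),
    (["InternetOpenW", "URLDownloadToFileW", "WinExec", "CreateMutexW",
      "RegSetValueExW", "ExitProcess"], MALICIOUS),
]

# Constructed held-out traces that are not part of the training set.
HELD_OUT = [
    (["GetCommandLineW", "CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
      "MessageBoxW", "ExitProcess"], BENIGN),
    (["CreateMutexW", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
      "CreateRemoteThread", "RegSetValueExW", "ExitProcess"], MALICIOUS),
]


def run_experiment():
    """Train on TRAIN; return (training accuracy, held-out accuracy, weights)."""
    w = train_pegasos(TRAIN)
    return accuracy(w, TRAIN), accuracy(w, HELD_OUT), w


if __name__ == "__main__":
    train_acc, test_acc, w = run_experiment()
    print(f"train accuracy {train_acc:.2f}, held-out accuracy {test_acc:.2f}")
    top = sorted(w.items(), key=lambda kv: kv[1])[:5]
    print("most malicious-weighted features:", [f for f, _ in top])
```

The bigram features are what carries the "sequence" part of the abstract's claim: a trace containing VirtualAllocEx followed by WriteProcessMemory followed by CreateRemoteThread is scored on that ordering, not only on the presence of the three calls. The sample size here is deliberately tiny (eight traces) to mirror the small-sample setting the abstract emphasises; the unit-length normalisation and the regularisation term are what keep the separator from overfitting to any single trace.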