Affiliation: [1] School of Electronics and Computer Science and Technology, North University of China, Taiyuan, Shanxi 030051
Source: Computer Technology and Development, 2009, No. 10, pp. 160-163 (4 pages)
Funding: Natural Science Foundation of Shanxi Province (20011040)
Abstract: Current unknown-virus detection methods based on behaviour analysis can only detect a virus after the executable file has been run; they cannot detect virus files that exist in static form on the computer. This paper proposes a new static-file technique for unknown-virus detection: anomalous values in the PE file structure are analysed, and Bayesian methods and support vector machines are used to identify both static and non-static unknown viruses. Compared with behaviour-based unknown-virus detection, it can determine whether a file is likely to be an unknown virus without running the executable. Compared with data-mining detection methods based on API call sequences, it does not require unpacking or other complex processing of the file, which markedly improves detection speed. Experimental results show that the method detects unknown viruses quickly, with a high recognition rate and a low false-positive rate.
Classification: TP309.5 [Automation and Computer Technology: Computer System Architecture]