Malware Detection Method Based on Static Structural Features of ELF Files (cited by: 2)

Malware Detection Approach Based on Structural Feature of ELF File


Authors: 白金荣[1,2], 王俊峰[1], 赵宗渠[1]

Affiliations: [1] College of Computer Science, Sichuan University, Chengdu, Sichuan 610065; [2] Yuxi Normal University, Yuxi, Yunnan 653100

Source: Journal of Sichuan University (Engineering Science Edition) (《四川大学学报(工程科学版)》), 2012, No. 5, pp. 109-114 (6 pages)

Funding: National "863" Program project (2008AA01Z208); Sichuan Province Youth Fund project (09ZQ026-028)

Abstract (translated from the Chinese): Malware detection on the Linux platform has so far received little study, and the main analysis and detection techniques still have significant limitations. This paper proposes a malware detection method based on the static structural features of ELF files. Through in-depth analysis of the static structural attributes of ELF files on the Linux platform, attributes that discriminate well between malware and benign software are extracted; the extracted features are reduced with a feature selection method, and a data-mining classification algorithm is then trained so that malware and benign files can be correctly identified. Experimental results show that the classification algorithm used detects both known and unknown malware with an accuracy of 99.7%, with short detection time and low system resource usage, so the method can be deployed in practice within anti-virus software.

Abstract (original English): Malware detection methods have been rarely studied on the Linux platform, and the main analysis and detection methods still have many limitations. A new malware detection method was proposed based on the structural features of the ELF file. Based on in-depth analysis of the static structural information of the ELF file, the features which could distinguish between malware and benign files were extracted from the structural information of the ELF file, and a feature selection method was applied to reduce the dimensionality of the features. The results of experiments indicated that, when the selected features are trained using classification algorithms, the proposed method has an accuracy of 99.7% and could identify known and unknown malware. The new detection approach has high detection accuracy with low processing overhead and short detection time, and could be deployed in real-time anti-virus software.

Keywords: malware detection; structural features; machine learning; ELF

Classification code: TP309 [Automation and Computer Technology: Computer System Architecture]
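As an added illustration of the first step the abstract describes (extracting static structural attributes from an ELF file), the following example code is not from the paper: it parses the ELF32/ELF64 file header into a feature vector and derives a few consistency flags that a classifier could consume. The particular fields and flags chosen here are an assumption for illustration, not the paper's feature set, and the sample header is constructed in code rather than taken from a real binary.

```python
import struct

# ELF file header layout (System V ABI). EI_CLASS 1 = ELF32, 2 = ELF64.
ELF_MAGIC = b"\x7fELF"
HEADER_FMT = {1: "HHIIIIIHHHHHH", 2: "HHIQQQIHHHHHH"}
HEADER_SIZE = {1: 52, 2: 64}


def elf_header_features(data: bytes) -> dict:
    """Parse the ELF header and return static structural attributes as a feature vector.
    Raises ValueError for input that is not a well-formed ELF header."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    if ei_class not in HEADER_FMT or ei_data not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    if len(data) < HEADER_SIZE[ei_class]:
        raise ValueError("truncated ELF header")
    fmt = ("<" if ei_data == 1 else ">") + HEADER_FMT[ei_class]
    (e_type, e_machine, _e_version, e_entry, _e_phoff, e_shoff, _e_flags,
     e_ehsize, _e_phentsize, e_phnum, _e_shentsize, e_shnum, e_shstrndx) = \
        struct.unpack_from(fmt, data, 16)
    return {
        "class": ei_class, "endian": ei_data, "osabi": ei_osabi,
        "type": e_type, "machine": e_machine, "entry": e_entry,
        "phnum": e_phnum, "shnum": e_shnum, "shstrndx": e_shstrndx,
        # Consistency flags (assumed features): ordinary toolchain output keeps
        # these true; a stripped section table or a bad shstrndx is worth a feature.
        "ehsize_ok": int(e_ehsize == HEADER_SIZE[ei_class]),
        "has_section_headers": int(e_shoff != 0 and e_shnum != 0),
        "shstrndx_in_range": int(e_shstrndx < e_shnum),
        "entry_nonzero": int(e_entry != 0),
    }


def sample_elf64_header(shnum: int = 0, shoff: int = 0) -> bytes:
    """Constructed little-endian x86-64 ET_EXEC header (not a real binary)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0, 0]) + bytes(7)
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x401000, 64, shoff,
                               0, 64, 56, 2, 64, shnum, max(shnum - 1, 0))


if __name__ == "__main__":
    for name, hdr in (("no section table", sample_elf64_header()),
                      ("with section table", sample_elf64_header(5, 0x1000))):
        print(name, elf_header_features(hdr))
```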
