Affiliation: [1] School of Computer Science, Dongguan University of Technology, Dongguan 523808, Guangdong, China
Source: Journal of Shenyang University of Technology (《沈阳工业大学学报》), 2016, No. 2, pp. 206-210 (5 pages)
Funding: National Natural Science Foundation of China (61402106); Guangdong Province Education Science Planning Project (14JXN029)
Abstract: To address the growing harm caused by malware, especially persistent and stealthy unknown malware, a malware detection method based on the positive selection classification algorithm is proposed. The sample files are converted into hexadecimal format, and all n-grams of the sample files are extracted. The term frequencies of the N n-grams with the maximum information gain are calculated and normalized, and an improved positive selection classification algorithm is used to perform the classification. The method retains the high classification accuracy of the positive selection classification algorithm, optimizes the classifier training process, and improves the efficiency of training and detection. The results show that the detection performance of the method is superior to that of algorithms such as Naive Bayes, Bayesian networks, support vector machines and the C4.5 decision tree.
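Keywords: network and information security; intrusion detection; malware; malware detection; positive selection classification algorithm; machine learning; feature selection; static analysis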
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]