Malware Detection based on Frequency and Behavior Characteristics Vector of Opcode Sequence

Cited by: 4

Authors: Xiu Yang (修扬) [1], Liu Jiayong (刘嘉勇) [1]

Affiliation: [1] Institute of Information Security, College of Electronics and Information Engineering, Sichuan University, Chengdu, Sichuan 610000, China

Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2016, No. 9, pp. 97-101 (5 pages)

Abstract: With the development of Internet technology, the number of malware samples has grown rapidly, posing a serious threat to network security worldwide, and malware detection has therefore become a research focus. Most commercial antivirus products currently rely on signature-based detection; although this approach is widely used, it cannot detect unknown malware. Machine-learning methods, by contrast, can be used to address this problem. Two kinds of features are commonly used for detection: static features, which are extracted without executing the sample, and dynamic features, which are extracted while the malware is executed in a controlled environment; each approach has its own advantages and disadvantages. This paper proposes a malware detection method based on combined features. It takes the opcode sequence frequency vector (obtained statically) and the behavior characteristics vector of the executable at run time (obtained dynamically), combines them in a fixed form into a new feature vector, and uses that vector to detect malware. Experiments show that this combined feature approach improves on the detection performance of either kind of feature used alone.

Keywords: malware detection; static features; dynamic features; opcode sequence frequency vector; behavior characteristics vector; machine learning

Classification code: TP309 [Automation and Computer Technology / Computer System Architecture]
