Malware variants detection based on ensemble learning  


Authors: Ma Yan, Du Donggao

Affiliations: [1] Network and Information Center, Institute of Network Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; [2] National Engineering Laboratory for Mobile Network Security, Beijing University of Posts and Telecommunications, Beijing 100876, China

Source: The Journal of China Universities of Posts and Telecommunications (中国邮电高校学报(英文版)), 2020, No. 2, pp. 82-90 (9 pages)

Funding: supported by the National Natural Science Foundation of China (61601041); the Fundamental Research Funds for the Central Universities (2018RC55); the Beijing Talents Foundation (2017000020124G062).

Abstract: An application programming interface (API) is a procedure call interface to operating system resources. API-based behavior features can capture the malicious behaviors of malware variants. However, existing malware detection approaches involve many complex operations for constructing and matching. Furthermore, graph matching is adopted in many approaches, and it is a nondeterministic polynomial (NP)-complete problem with high computational complexity. To address these problems, a novel approach is proposed to detect malware variants. Firstly, the APIs called by the malware are divided by their functions and parameters. Then, the classified behavior graph (CBG) is constructed from the API call sequences. Finally, the signature based on CBGs is generated for each malware family. Besides, the malware variants are classified by an ensemble learning algorithm. Experiments on 1220 malware samples show that the true positive rate (TPR) reaches 89.0% with a low false positive rate (FPR) of 3.7% by ensemble learning.

Keywords: classified behavior; malware variant; ensemble learning

Classification codes: TP311.5 [Automation and Computer Technology: Computer Software and Theory]; TP309 [Automation and Computer Technology: Computer Science and Technology]
