Mobile Malware TD Algorithm Based on the Improved CUSUM Algorithm  Cited by: 2

Mobile Malware Traffic Detection Algorithm of Mobile Malware Based on Improved CUSUM Algorithm


Authors: ZHANG Xu; LI Peng [2] (Information Technology Centre, Jingchu University of Technology, Jingmen, Hubei 448000, China; College of Ocean Engineering, Guilin University of Electronic Technology, Beihai, Guangxi 536000, China)

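Affiliations: [1] Information Technology Centre, Jingchu University of Technology, Jingmen, Hubei 448000; [2] College of Ocean Engineering, Guilin University of Electronic Technology, Beihai, Guangxi 536000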

Source: Computer Simulation, 2022, No. 6, pp. 365-368, 390 (5 pages in total)

Funding: Natural Science Foundation of Hubei Province project (2019CFC850).

Abstract: At present, the trigger conditions for malware detection are set relatively high, so malware on mobile devices cannot be detected successfully. For mobile malware, this paper uses an optimized cumulative sum (CUSUM) algorithm to construct a traffic detection algorithm. First, the non-graphical cumulative sum algorithm is taken as the base algorithm, and its shortcomings are analyzed according to the equivalent log-likelihood ratio statistic and the criterion for determining that a mean shift has occurred. Second, the indefinite parameter is taken as the allowable offset, which is continuously reduced to meet the conditions for detecting drift points; the reduction of the allowable offset is then changed to a segmented descent mode, which yields the optimized cumulative sum algorithm. Based on the changes in the distribution of the given time series detected by the improved algorithm, a multi-pattern matching algorithm is integrated. The wavelet transform method and a feature extraction method are used, respectively, to obtain effective traffic data features, and mobile malware traffic is detected according to the similarity between array pairs. Experimental results show that the algorithm has good detection accuracy and real-time performance, and significant feasibility.

Keywords: improved cumulative sum algorithm; malware; traffic detection; allowable offset; multi-pattern matching algorithm

Classification code: TP391 [Automation and Computer Technology: Computer Application Technology]

 
