基于关联规则的恶意程序多分类检测方法研究  被引量:1

Research on multi-classification detection method of malware based on association rules

在线阅读下载全文

作  者:满红任 陈晨 刘秀 MAN Hong-ren;CHEN Chen;LIU Xiu(Information Center of Yunnan Power Grid Co.,Ltd.,Kunming 650200,China)

机构地区:[1]云南电网有限责任公司信息中心,昆明650200

出  处:《信息技术》2023年第1期163-167,173,共6页Information Technology

摘  要:传统多分类检测方法只考虑了数据的时序性,导致模型面对不同恶意程序时数据召回率较低,为此提出基于关联规则的恶意程序多分类检测方法。重新设置分簇路由协议,判定不同类型的恶意攻击;利用最优决策函数构建时序模型,采集静态信息时序特征;基于关联规则设计时序模型的约束条件,在分类过程中排查召回动态信息,实现对恶意程序的多分类检测。实验统计三次测试所得结果的平均值,基于关联规则的时序模型平均召回率比对照的三组模型分别高了0.1001、0.0993和0.086,能够在恶意程序多分类完成前,召回出现异变的数据。Traditional multi-classification detection methods only consider the time sequence of data, resulting in low data recall rate when the model faces different malware. Therefore, a multi-classification detection method of malware based on association rules is proposed. Reset the clustering routing protocol to determine different types of malicious attacks, and the time series model is constructed by using the optimal decision function to collect the time series characteristics of static information. Then, the constraint conditions of time series model are designed based on association rules, the recall dynamic information is checked in the classification process to realize the multi classification detection of malicious programs. The average value of the results obtained from the three tests is counted in the experiment. The average recall rate of the time series model based on association rules is 0.1001, 0.0993 and 0.086 higher than that of the control three groups of models respectively, which can recall the data with changes before the multi-classification of malicious programs is completed.

关 键 词:恶意程序 多分类检测 静态信息 时序模型 关联规则 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象