A MALICIOUS FILE DETECTION METHOD BASED ON "KEY WORDS" WEIGHTED LDA MODEL  Cited by: 1


Authors: Xu Jianguo; Wang Xuyang (School of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, Shandong, China)

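Affiliation: [1] School of Computer Science and Engineering, Shandong University of Science and Technology, Qingdao 266590, Shandong, China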

Source: Computer Applications and Software, 2024, Issue 3, pp. 313-320 (8 pages)

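Funding: 2016 Qingdao Philosophy and Social Science Planning Project (QDSKL1601121); 2017 Shandong Province Higher Education Humanities and Social Sciences Research Program (Special Research on Ideological and Political Education) funded project (J17ZZ27); 2018 Shandong University of Science and Technology Graduate Science and Technology Innovation Project (SDKDYC180339).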

Abstract: Malicious files often contain feature codes that occur with low frequency but have better characterization ability, and traditional methods fail to extract this type of feature. To address this problem, a malicious file detection method based on a word-weighted LDA model is proposed. The method preprocesses samples by disassembly and extracts "key words" with an improved KeyGraph algorithm (IKG); such words have better feature representation ability. Optimized pointwise mutual information (OPMI) is then used to calculate the weight of each "key word" and build a word dictionary. The word weighting method is extended to the LDA model to build the IKG-OPMI-LDA (IOL) model, which performs the classification, with Gibbs sampling used for parameter estimation. Experimental results show that, compared with other methods, the classification accuracy of this method is significantly improved, the classification efficiency is better, and the extracted features are more discriminative and more strongly correlated with the topic.

Keywords: malicious files; LDA; IKG; weighted model; document classification

Classification number: TP39 [Automation and Computer Technology: Computer Application Technology]

 
