计算机工程与应用 (Computer Engineering and Applications) 2011, Vol. 47, Issue 27: 119-121, 131, 4. DOI: 10.3778/j.issn.1002-8331.2011.27.032
Method of unknown virus detection based on analysis of Win32 API behaviors
Abstract
Current behavior-based unknown-virus detection methods need to run the executable and therefore cannot detect static viruses such as droppers. To address this, a static method for detecting unknown viruses based on Win32 API behaviors is proposed. First, PE files are parsed to extract the sensitive Win32 API calls; the API functions are then classified by malicious behavior, and a fixed-dimension characteristic behavior vector is built and stored in a database. Redundant feature items are reduced with a feature extraction method that minimizes discriminant entropy, and finally an improved K-Nearest Neighbor (KNN) algorithm is used for classification. Experimental results show that the method has a high hit rate and a lower miss rate, and is suitable for unknown virus detection in a Cloud Security system.
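The pipeline the abstract describes (sensitive Win32 API names, behavior categories, a fixed-dimension vector, KNN) as an added Python example; this is not the paper's code. The category table, the training vectors and the sample import lists are constructed assumptions, the import-table parsing and the discriminant-entropy feature reduction are not shown, and plain KNN stands in for the paper's improved variant.

```python
# Added example (not the paper's code): turn a list of Win32 API names,
# as they would be read from a PE import table, into a fixed-dimension
# behavior vector and classify it with plain k-nearest-neighbour voting.
# The taxonomy, training data and sample import lists are constructed.
from collections import Counter
from math import sqrt

# Constructed taxonomy: each category groups APIs a defender treats as
# one kind of sensitive behavior. Vector index = position in this list.
CATEGORIES = [
    ("process",  {"CreateProcessA", "CreateProcessW", "WinExec", "ShellExecuteA"}),
    ("file",     {"CreateFileA", "CreateFileW", "WriteFile", "CopyFileA", "MoveFileA"}),
    ("registry", {"RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyExA"}),
    ("network",  {"socket", "connect", "send", "recv", "InternetOpenA", "URLDownloadToFileA"}),
    ("memory",   {"VirtualAlloc", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}),
    ("service",  {"OpenSCManagerA", "CreateServiceA", "StartServiceA"}),
]

def behavior_vector(api_names):
    """Count, per category, how many imported APIs fall in it.
    The result always has len(CATEGORIES) entries; unknown APIs are ignored."""
    return [sum(1 for n in api_names if n in apis) for _, apis in CATEGORIES]

def knn_classify(sample, training, k=3):
    """Textbook k-NN: Euclidean distance, majority vote among the k nearest.
    `training` is a list of (vector, label) pairs."""
    ranked = sorted(
        (sqrt(sum((a - b) ** 2 for a, b in zip(sample, vec))), label)
        for vec, label in training)
    return Counter(label for _, label in ranked[:k]).most_common(1)[0][0]

# Constructed training set: behavior vectors of labelled samples.
TRAINING = [
    (behavior_vector(["URLDownloadToFileA", "WriteFile", "WinExec", "RegSetValueExA"]), "malicious"),
    (behavior_vector(["URLDownloadToFileA", "CreateFileA", "WriteFile", "ShellExecuteA"]), "malicious"),
    (behavior_vector(["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CreateFileW"]), "malicious"),
    (behavior_vector(["CreateServiceA", "StartServiceA", "CopyFileA", "RegCreateKeyExA"]), "malicious"),
    (behavior_vector(["CreateFileW", "WriteFile", "MessageBoxW"]), "benign"),
    (behavior_vector(["CreateFileA", "ReadFile", "GetVersionExA"]), "benign"),
    (behavior_vector(["socket", "connect", "recv", "CreateFileA"]), "benign"),
]

def classify_imports(api_names, k=3):
    """Full path: API names -> fixed-dimension vector -> k-NN label."""
    return knn_classify(behavior_vector(api_names), TRAINING, k)

if __name__ == "__main__":
    # Constructed dropper-like import list: download, write, execute, persist.
    dropper = ["URLDownloadToFileA", "CreateFileA", "WriteFile", "CreateProcessA", "RegSetValueExA"]
    print(behavior_vector(dropper), classify_imports(dropper))
```

Because the vector is static, the sample is never executed, which is the property the abstract relies on for dropper detection.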
Key words
unknown virus detection / feature extraction / K-Nearest Neighbor (KNN) algorithm / reduced feature items
Classification
Information technology and security science
刘帅, 吴艳霞, 马春光, 顾国昌, 龙勤. Method of unknown virus detection based on analysis of Win32 API behaviors [J]. 计算机工程与应用 (Computer Engineering and Applications), 2011, 47(27): 119-121, 131, 4.
Funding
Fundamental Research Funds for the Central Universities (No. HEUCF100606, No. HEUCF100604)
Specialized Research Fund for the Doctoral Program of Higher Education, Ministry of Education (No. 20092304120013)
Heilongjiang Province Youth Science and Technology Special Fund (No. QC08C39)