Computer Engineering, Issue (12): 104-107, 113, 5. DOI: 10.3969/j.issn.1000-3428.2014.12.019
Detection Method of Malicious Code Model Clustering Based on K-L Divergence
Abstract
In the cloud computing environment, network security vulnerabilities and attacks increase rapidly as service systems grow more complex, and traditional malicious code detection and protection techniques cannot meet the requirements of the cloud storage environment. This paper introduces the Gaussian Mixture Model (GMM) to build a layered detection mechanism for malicious code, uses information gain and document frequency to analyze malicious code features, and combines these with K-L Divergence (KLD) to propose a model clustering method for malicious code based on K-L divergence. This method can improve the malicious code detection rate and accuracy compared with other methods. The paper uses the KDDCUP99 data set and completes data preprocessing and cluster analysis with the open-source Weka software. Experimental results show that the average malicious code detection time of the proposed method improves by 16.6% compared with the Bayes algorithm, while the malicious code detection rate increases by 1.05% under the virtual environment.
Keywords
malicious code / Gaussian Mixture Model (GMM) / K-L Divergence (KLD) / model clustering / information gain / document frequency
Classification
Information Technology and Security Science
Cite this article
Bian Genqing, Gong Peijiao, Shao Bilin. Detection Method of Malicious Code Model Clustering Based on K-L Divergence [J]. Computer Engineering, 2014, (12): 104-107, 113, 5.
Funding
National Natural Science Foundation of China (61272458).