Computer Engineering and Applications (计算机工程与应用), Issue (18): 76-81, 6. DOI: 10.3778/j.issn.1002-8331.1411-0342
Homology analysis of malicious code and family clustering
Abstract
With the explosive growth of malicious code, and since many malicious samples are variants of previously encountered ones, this paper presents a novel approach to investigating the homology of malicious code based on behavior characteristics. To distinguish variants of malicious code, it studies the malicious behavior of malware, then computes the similarity of the behavior characteristics and of the call graphs extracted by disassembly tools. It employs the DBSCAN clustering algorithm to discover malicious code families. Experiments show that it effectively investigates the homology of malicious code and clusters variants into different malicious code families.
Key words
malicious code / homology / static analysis / function calls / behavior characteristics / clustering
Category
Information technology and security science
Citation
Qian Yucun (钱雨村), Peng Guojun (彭国军), Wang Ying (王滢), Liang Yu (梁玉). Homology analysis of malicious code and family clustering [J]. Computer Engineering and Applications, 2015, (18): 76-81, 6.
Funding
National Natural Science Foundation of China (No. 61202387, No. 61202385, No. 61373168); Postdoctoral Science Foundation (No. 2012M510641); Doctoral Program Foundation (No. 20120141110002).
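As an added illustration of the pipeline the abstract describes (example code, not from the paper), the following Python sketch clusters call-graph edge sets into families with DBSCAN; the Jaccard distance between edge sets, the sample graphs and the eps/min_pts values are all assumptions constructed for the example.

```python
# Added illustration of call-graph similarity + DBSCAN family clustering;
# the call graphs are constructed for this example, not data from the paper.
def edges(spec):  # parse "caller>callee ..." into a set of call-graph edges
    return {tuple(e.split(">")) for e in spec.split()}

# Two constructed families of variants plus one unrelated sample.
SAMPLES = {
    "fam_a_v1": edges("main>CreateFileA main>WriteFile main>RegSetValueExA init>CreateMutexA"),
    "fam_a_v2": edges("main>CreateFileA main>WriteFile main>RegSetValueExA init>CreateMutexA main>Sleep"),
    "fam_a_v3": edges("main>CreateFileA main>WriteFile init>CreateMutexA main>Sleep"),
    "fam_b_v1": edges("start>socket start>connect loop>recv loop>send"),
    "fam_b_v2": edges("start>socket start>connect loop>recv loop>send loop>Sleep"),
    "lone":     edges("main>MessageBoxA main>ExitProcess"),
}
def jaccard_distance(a, b):
    """1 - |A & B| / |A | B|: 0.0 means identical edge sets (assumed measure)."""
    union = a | b
    return 0.0 if not union else 1.0 - len(a & b) / len(union)

def dbscan(points, dist, eps, min_pts):
    """Plain DBSCAN over {name: feature set}; label -1 marks noise (no family)."""
    names = sorted(points)
    labels, cluster = {}, 0
    def neighbours(p):                     # includes p itself, as in standard DBSCAN
        return [q for q in names if dist(points[p], points[q]) <= eps]
    for p in names:
        if p in labels:
            continue
        nb = neighbours(p)
        if len(nb) < min_pts:              # not a core point: provisionally noise
            labels[p] = -1
            continue
        labels[p] = cluster
        queue = [q for q in nb if q != p]
        while queue:
            q = queue.pop()
            if labels.get(q) == -1:        # noise reached from a core point becomes border
                labels[q] = cluster
            if q in labels:
                continue
            labels[q] = cluster
            nb_q = neighbours(q)
            if len(nb_q) >= min_pts:       # q is also a core point: keep expanding
                queue.extend(r for r in nb_q if r not in labels)
        cluster += 1
    return labels

def cluster_families(eps=0.5, min_pts=2):  # families = samples within eps Jaccard
    return dbscan(SAMPLES, jaccard_distance, eps, min_pts)
```

With these inputs the three fam_a variants and the two fam_b variants form two clusters, while the unrelated sample is left as noise.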