Computer Applications and Software (计算机应用与软件), Issue (8): 266-271, 6. DOI: 10.3969/j.issn.1000-386x.2015.08.063
A FEATURE SELECTION AND MODELLING METHOD FOR MALICIOUS CODE
Abstract
In malicious code analysis and detection, static analysis techniques are not effective at detecting metamorphic/polymorphic malicious code. To address this problem, this paper proposes an approach for extracting dynamic features of malicious code semantics. The method extracts the dynamic features of malicious code in a virtual environment so as to protect the physical machine. The extracted primitive features are then further filtered and processed to obtain the API call sequence information of each code sample. To make the features more effective, the traditional n-gram model is improved by adding n-gram frequency information and the dependencies between APIs, and the improved n-gram model is built. In the experimental analysis, machine learning methods are used: decision trees, k-nearest neighbour, support vector machine and Bayesian networks are each employed to perform 10-fold cross-validation on the selected sample features. Experimental results show that this feature selection achieves the best detection effect with the decision tree J48, and that it can effectively detect malicious code that uses obfuscation and polymorphism techniques.

Key words
Malicious code/Dynamic analysis/Sequence feature/Machine learning

Classification
Information Technology and Security Science

Cite this article
Li Meng (李盟), Jia Xiaoqi (贾晓启), Wang Rui (王蕊), Lin Dongdai (林东岱). A feature selection and modelling method for malicious code [J]. Computer Applications and Software, 2015, (8): 266-271, 6.

Funding
National Natural Science Foundation of China (61100228); Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06030601, XDA06010701); National High Technology Research and Development Program of China (2012AA013101).