| 面向最小行为的恶意程序检测研究 |
| |
| 引用本文: | 苗启广,王蕴,曹莹,刘文闯.面向最小行为的恶意程序检测研究[J].系统工程与电子技术,2012,34(8):1735-1740. |
| |
| 作者姓名: | 苗启广 王蕴 曹莹 刘文闯 |
| |
| 作者单位: | 西安电子科技大学计算机学院, 陕西 西安 710071 |
| |
| 基金项目: | 国家自然科学基金,中央高校基本科研业务费专项资金,西安市科技局计划项目(CXY1133,CXY1119(6))资助课题 |
| |
| 摘 要: | 提出了一种基于最小行为的恶意程序分析方法。最小行为,即程序运行时能够表达完整语义的最小应用程序编程接口(application programming interface, API)关联集合。实现了基于最小行为的恶意程序检测原型系统,能够动态捕获恶意程序调用的API及其参数信息,提取API调用之间的使用依赖轮廓,构建恶意程序的最小行为特征向量,利用卡方校验算法实现检测。该方法与传统的基于API频率统计的方法相比,过滤掉了大量无用信息,恶意程序的检出率更高,误检率更低。
|
| 关 键 词: | 恶意程序 系统调用 最小行为 卡方检验 |
Research on detecting technology of malicious software based on sub-behavior |
| |
| MIAO Qi-guang
,
WANG Yun
,
CAO Ying
,
LIU Wen-chuang.Research on detecting technology of malicious software based on sub-behavior[J].System Engineering and Electronics,2012,34(8):1735-1740. |
| |
| Authors: | MIAO Qi-guang WANG Yun CAO Ying LIU Wen-chuang |
| |
| Institution: | School of Computer, Xidian University, Xi’an 710071, China |
| |
| Abstract: | A malware detection method based on minimum behavior is proposed.Minimum behavior is defined as application programming interface(API) subsets which the malicious code operates on each resource at runtime.A malicious software(malware) detecting system based on minimum behavior is implemented to dynamically capture the system calls,and construct the signature of malware by extracting the defined use(def-use) relation between systems calls,and then detect the malware using a chi-square test algorithm.Compared with the method based on the frequency of API,the proposed method has a higher true positive fraction,and the false positive fraction is lower. |
| |
| Keywords: | malicious software system call minimum behavior chi-square test |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《系统工程与电子技术》浏览原始摘要信息 |
| 点击此处可从《系统工程与电子技术》下载免费的PDF全文 |
