| 2种恶意代码行为特征统计方法的比较 |
| |
| 引用本文: | 刘磊,邵堃,胡永涛,王俊.2种恶意代码行为特征统计方法的比较[J].合肥工业大学学报(自然科学版),2009,32(1). |
| |
| 作者姓名: | 刘磊 邵堃 胡永涛 王俊 |
| |
| 作者单位: | 1. 合肥工业大学,计算机与信息学院,安徽,合肥,230009
2. 公安部第三研究所,上海,200062 |
| |
| 基金项目: | 上海市科委科技攻关项目 |
| |
| 摘 要: | 随着恶意代码技术的更新,其检测技术变得日趋复杂,以启发式、前摄检测、行为检测和主动防御为代表的非特征码检测技术孕育而生,这些方法多数是利用了统计学原理。该文阐述了恶意代码行为的捕获方法和对恶意代码行为的统计方法,归纳了恶意代码行为的2种特征统计量定义方式;使用基于标准化欧式距离的分类器对这2种统计空间进行建模,并通过对建模结果的分析,得出了适用于最小距离分类器建模的行为特征统计空间。
|
| 关 键 词: | 恶意代码行为 标准化欧式距离 0-n统计特征空间 0-1统计特征空间 |
Comparison between two statistics of a malicious code behavior feature |
| |
| LIU Lei,SHAO Kun,HU Yong-tao,WANG Jun.Comparison between two statistics of a malicious code behavior feature[J].Journal of Hefei University of Technology(Natural Science),2009,32(1). |
| |
| Authors: | LIU Lei SHAO Kun HU Yong-tao WANG Jun |
| |
| Abstract: | With the evolving of malicious codes,the technologies used to detect them have also become more complex.Some advanced technologies such as the heuristic method,proactive detection,behavior detection and the HIPS can collectively be referred to as 'non-signature' detection methods,but most of these methods all make good use of statistical theory.The methods for capturing and making statistical analysis of the malicious code behavior features are analyzed,and two types of statistics of malicious code behavior features are summarized.Based on the classifier with the normalized Euclidean distance,a model of the two types of statistical space is established,and the statistical space suitable to modeling with the minimum distance classifier is obtained according to the results of modeling. |
| |
| Keywords: | malicious code behavior normalized Euclidean distance 0-n statistical space 0-1 statistical space |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
