共查询到20条相似文献,搜索用时 31 毫秒
1.
Nowadays malware is one of the serious problems in the modern societies. Although the signature based malicious code detection is the standard technique in all commercial antivirus softwares, it can only achieve detection once the virus has already caused damage and it is registered. Therefore, it fails to detect new malwares (unknown malwares). Since most of malwares have similar behavior, a behavior based method can detect unknown malwares. The behavior of a program can be represented by a set of called API's (application programming interface). Therefore, a classifier can be employed to construct a learning model with a set of programs' API calls. Finally, an intelligent malware detection system is developed to detect unknown malwares automatically. On the other hand, we have an appealing representation model to visualize the executable files structure which is control flow graph (CFG). This model represents another semantic aspect of programs. This paper presents a robust semantic based method to detect unknown malwares based on combination of a visualize model (CFG) and called API's. The main contribution of this paper is extracting CFG from programs and combining it with extracted API calls to have more information about executable files. This new representation model is called API-CFG. In addition, to have fast learning and classification process, the control flow graphs are converted to a set of feature vectors by a nice trick. Our approach is capable of classifying unseen benign and malicious code with high accuracy. The results show a statistically significant improvement over n-grams based detection method. 相似文献
2.
3.
A non-signature-based virus detection approach using Self-Organizing Maps (SOMs) is presented in this paper. Unlike classical virus detection techniques using virus signatures, this SOM-based approach can detect virus-infected files without any prior knowledge of virus signatures. Exploiting the fact that virus code is inserted into a complete file which was built using a certain compiler, an untrained SOM can be trained in one go with a single virus-infected file and will then present an area of high density data, identifying the virus code through SOM projection. The virus detection approach presented in this paper has been tested on 790 different virus-infected files, including polymorphic and encrypted viruses. It detects viruses without any prior knowledge – e.g. without knowledge of virus signatures or similar features – and is therefore assumed to be highly applicable to the detection of new, unknown viruses. This non-signature-based virus detection approach was capable of detecting 84% of the virus-infected files in the sample set which included, as already mentioned, polymorphic and encrypted viruses. The false positive rate was 30%. The combination of the classical virus detection technique for known viruses and this SOM-based technique for unknown viruses can help systems be even more secure. 相似文献
4.
Gerardo Canfora Antonio Niccolò Iannaccone Corrado Aaron Visaggio 《Journal in Computer Virology》2014,10(1):11-27
Metamorphic viruses are particularly insidious as they change their form at each infection, thus making detection hard. Many techniques have been proposed to produce metamorphic malware, and many approaches have been explored to detect it. This paper introduces a detection technique that relies on the assumption that a side effect of the most common metamorphic engines is the dissemination of a high number of repeated instructions in the body of the virus program. We have evaluated our technique on a population of 1,000 programs and the experimentation outcomes indicate that it is accurate in classifying metamorphic viruses and viruses of other nature, too. Virus writers use to introduce code from benign files in order to evade antivirus; our technique is able to recognize virus even if benign code is added to it. 相似文献
5.
目前大多数的源码安全审计工具在整型错误的检测上具有局限性,往往只能检测整型溢出类型的漏洞。针对这个问题,对已有的系统依赖图(system dependence graph,SDG)检测模型进行了改进,结合类型限定理论提出了基于类型限定的系统依赖图(type-qualified SDG, QSDG)检测模型。该模型不仅可以用来检测C代码中潜在的绝大多数整型错误,而且还能根据其出错原因将其分类到所定义的八种错误类型。与SDG检测模型仅采用图同构算法进行检测相比,先使用类型推断算法再对QSDG进行检测可以降低检测所花费的时间。 相似文献
6.
为轻松获得程序的可能执行路径,进而实现程序变量的状态跟踪,提出了一种C/C++源代码控制流提取算法,通过该模型获取控制流切片,产生局部控制流图,将数据流异常检测与安全子集检测相结合,弥补了单独使用安全子集方法无法跟踪数据流的不足,增强代码安全隐患的挖掘能力.利用控制流图化简,排除部分不可达控制流信息,提高跟踪效率.通过对3个Linux内核源文件的检测,验证了该方法不仅可以检测出违反安全子集的代码安全隐患,同时对代码数据流异常检测提供支持,准确率达94.9%. 相似文献
7.
8.
9.
Android现有的恶意代码检测机制主要是针对bytecode层代码,这意味着嵌入Native层的恶意代码不能被检测,最新研究表明86%的热门Android应用都包含Native层代码。为了解决该问题,本文提出一种基于Native层的Android恶意代码检测机制,将smali代码和so文件转换为汇编代码,生成控制流图并对其进行优化,通过子图同构方法与恶意软件库进行对比,计算相似度值,并且与给定阈值进行比较,以此来判断待测软件是否包含恶意代码。实验结果表明,跟其他方法相比,该方法可以检测出Native层恶意代码而且具有较高的正确率和检测率。 相似文献
10.
研究了C++中的指针机制、以及指针类型对象(变量)在多个源程序代码文件中关联关系。基于信息提取和结果整理,计算机可视化实现和表示C++中的指针机制和多源程序代码文件的关联关系。研究了抽取结果的存储机制和基于该机制的自动排序源文件引用关系的方法,最后提出了一种手工调整图元布局的算法,作为自动排序算法的补充。对实际代码分析的结果表明该方法利于程序分析并支持对源代码的辅助理解。 相似文献
11.
12.
13.
基于控制流的静态反汇编算法研究 总被引:4,自引:0,他引:4
该文在分析各种类型的指令对程序静态流程影响的基础上,提出了一种基于程序流程遍历图的静态反汇编算法,并给出了一种基于统计学的代码间隙填充技术对由间接跳转和间接调用所引用的代码区进行反汇编的方法。 相似文献
14.
针对基于PHP语言开发的Web应用系统,提出了一种基于图遍历算法的服务端请求伪造漏洞检测和利用方法。通过构建抽象语法树,获取每个文件的数据流信息,进而利用数据流中的传递依赖关系构造全局的代码属性图,使用图遍历算法对生成的代码属性图进行污点分析,得到污点变量的代码传递依赖路径图,最后使用约束求解的方法对路径图中的经过函数信息进行漏洞检测并生成可利用的攻击向量。实验结果表明,这种检测方式相较于传统的静态审计方法能够很好地发现服务端请求伪造漏洞,并能够自动化生成可绕过的攻击向量。 相似文献
15.
16.
针对多数恶意代码分类研究都基于家族分类和恶意、良性代码分类,而种类分类比较少的问题,提出了多特征融合的恶意代码分类算法。采用纹理图和反汇编文件提取3组特征进行融合分类研究,首先使用源文件和反汇编文件提取灰度共生矩阵特征,由n-gram算法提取操作码序列;然后采用改进型信息增益(IG)算法提取操作码特征,其次将多组特征进行标准化处理后以随机森林(RF)为分类器进行学习;最后实现了基于多特征融合的随机森林分类器。通过对九类恶意代码进行学习和测试,所提算法取得了85%的准确度,相比单一特征下的随机森林、多特征下的多层感知器和Logistic回归算法分类器,准确率更高。 相似文献
17.
I. E. Bocharova F. Hug R. Johannesson B. D. Kudryashov 《Problems of Information Transmission》2011,47(1):1-14
Constructions of woven graph codes based on constituent convolutional codes are studied, and examples of woven convolutional
graph codes are presented. Existence of codes satisfying the Costello lower bound on the free distance within a random ensemble
of woven graph codes based on s-partite, s-uniform hypergraphs is shown, where s depends only on the code rate. Simulation results for Viterbi decoding of woven graph codes are presented and discussed. 相似文献
18.
为了在语料库中找出源代码的真实作者,提出了一种代码耦合度与程序依赖图特征结合的神经网络模型CPNN来识别源代码作者.首先,使用从源代码中提取的参数、扇入和扇出等特征计算代码的耦合度.其次,从转换的程序依赖图中提取控制和数据依赖项,应用预处理技术将PDG特征转换为具有频率细节的小实例,并且利用逆文档频率技术放大源代码中每个PDG特性的重要性.最后,利用CPNN模型预测程序员的编码风格特征,并对编码风格的真正作者进行属性划分.在1000名程序员的源代码数据集上进行作者归属预测,得到了95% 的准确率. 相似文献
19.
缓冲区溢出目前已成为最常见的软件安全漏洞之一,从源代码形式来看,常见的缓冲区溢出漏洞主要有两种类型:数据拷贝和格式化字符串造成的缓冲区溢出.分析了常见缓冲区溢出漏洞发生的原因,给出了格式化字符串存储长度的计算方法,介绍了一种基于源代码静态分析的缓冲区溢出检测算法,该算法首先对源代码进行建模,构造其抽象语法树、符号表、控制流图、函数调用图,在此基础上运用区间运算技术来分析和计算程序变量及表达式的取值范围,并在函数间分析中引入函数摘要来代替实际的函数调用.最后使用该方法对开源软件项目进行检测,结果表明该方法能够有效地、精确地检测缓冲区溢出. 相似文献