Similar Literature
1.
Malware detection and homology analysis have been hot topics in malware analysis. The API call graph of a malware sample can represent its behavior. Because the subgraph isomorphism algorithm has high complexity, malware analysis based on graph structure has low efficiency. Therefore, this paper studies a homology analysis method for malware API graphs that uses a convolutional neural network. By selecting key nodes and constructing neighborhood receptive fields, the convolutional neural network can handle graph-structured data. Experimental results on 8 real-world malware families show that the accuracy of homologous malware analysis reaches 93%, and the accuracy of malicious code detection reaches 96%.

2.
Aiming at the logical similarity of the behavioral characteristics of malware belonging to the same family, the characteristics of malware were extracted by tracking the logic rules of API function calls from the perspective of behavior detection, and static and dynamic analysis methods were combined to analyze malicious behavior characteristics. In addition, according to the purpose, inheritance and diversity of the malware family, the transitive closure relationship of the malware family was constructed, and then the incremental clustering method based on a Gaussian mixture model was improved to identify the malware family. Experiments show that the proposed method can not only save storage space in malware detection, but also significantly improve detection accuracy and recognition efficiency.

3.
Jun Wu  Ming‐Yu Lu 《ETRI Journal》2010,32(5):766-773
Support vector machine (SVM) active learning plays a key role in the interactive content-based image retrieval (CBIR) community. However, regular SVM active learning is challenged by what we call "the small example problem" and "the asymmetric distribution problem." This paper attempts to integrate the merits of semi-supervised learning, ensemble learning, and active learning into interactive CBIR. Concretely, unlabeled images are exploited to facilitate boosting by helping augment the diversity among base SVM classifiers, and then the learned ensemble model is used to identify the most informative images for active learning. In particular, a bias-weighting mechanism is developed to guide the ensemble model to pay more attention to positive images than to negative images. Experiments on 5000 Corel images show that the proposed method yields better retrieval performance by an amount of 0.16 in mean average precision compared to regular SVM active learning, which is more effective than some existing improved variants of SVM active learning.

4.
张淼  杨有秀  程工  董航  李承泽 《中国通信》2012,9(12):144-152
Mobile malware is rapidly increasing and its detection has become a critical issue. In this study, we summarize the common characteristics of this malicious software on the Android platform. We design a detection engine consisting of six parts: decompile, grammar parsing, control flow and data flow analysis, safety analysis, and comprehensive evaluation. In the comprehensive evaluation, we obtain a weight vector of 29 evaluation indexes using the analytic hierarchy process. During this process, the detection engine exports a list of suspicious APIs. On the basis of this list, the evaluation part of the engine performs a comprehensive hazard assessment of the software sample. Finally, a hazard classification is given for the software. The false positive rate of our approach is 4.7% for malware samples and 7.6% for normal samples. The experimental results show that the accuracy of our approach is close to that of the method based on virus signatures. Compared with the signature-based method, our approach performs well in detecting unknown malware. This approach is promising for the application of malware detection.

5.
6.
A malware feature extraction and detection method based on texture fingerprints is proposed. Combining image analysis techniques with malware variant detection, malicious code is mapped to an uncompressed grayscale image, the image is partitioned into blocks with a texture segmentation algorithm, the texture features of each block are extracted with the gray-level co-occurrence matrix algorithm, and these texture features serve as the malware's texture fingerprint. A texture fingerprint index structure is then built from the samples' texture fingerprints. In the detection stage, a block generation strategy for malware texture fingerprints is used, and a weighted, multi-segment texture fingerprint similarity matching method detects malware variants and unknown malware. On this basis, a prototype system for malware texture fingerprint extraction and detection was implemented. The system was experimentally validated by analyzing and detecting 6 malware sample datasets. The results show that the features extracted by this method give fast and accurate detection and good recognition of malware variants.

7.
In the current smartphone market, Android holds a large share, and because it is open source, Android-based smartphones easily become the preferred target of attackers. With the rapid growth of Android malware, Android users urgently need solutions to protect their phones. To this end, static analysis was performed on multiple Android malware samples to derive lists of dangerous APIs, dangerous system calls and permissions present in Android malware; these lists were merged into a hybrid feature set for Android applications. Using the hybrid feature set together with principal component analysis (PCA) and support vector machines (SVM), a static detection model for Android malware was built. Simulation experiments with this model show that the method can quickly detect malware among Android applications without running the software, with high detection accuracy.

8.
王蕊  苏璞睿  杨轶  冯登国 《电子学报》2011,39(10):2322-2330
Malware variants are the focus and the difficulty of current malware defense. Obfuscation is the main technique by which malware produces variants: through obfuscation, malware changes its code features and generates a large number of variants in a short time, evading existing code-feature-based defenses and posing a huge threat to information systems. This paper proposes an anti-obfuscation method for identifying malware variants, which uses backtrackable dynamic taint analysis together with a trigger-condition processing engine and performs ... on malicious code and its variants

9.
People-centric sensing (PCS) is an emerging sensor network paradigm that turns everyday mobile devices (such as smartphones and PDAs) into sensors. It is promising but faces severe security problems. Smartphones already are, and will remain, attractive targets for attackers; with strong connectivity and homogeneous applications, all mobile devices in PCS risk being infected by malware even more rapidly. Even worse, attackers usually obfuscate their malware in order to avoid simple (syntactic, signature-based) detection, so more intelligent (behavioral-signature-based) detection is needed. But in the field of network security, the state-of-the-art behavioral signature, the behavior graph, is too complicated to be used on mobile devices. This paper proposes a novel behavioral signature generation system, SimBehavior, to generate lightweight behavioral signatures for malware detection in PCS. The generated lightweight behavioral signatures are somewhat like regex (regular expression) rules. Thus, unlike malware detection using behavior graphs, which is NP-complete, detection using our lightweight behavioral signatures is efficient and well suited to PCS. Our experimental results show that SimBehavior can extract behavioral signatures effectively, and the generated lightweight behavioral signatures can be used to detect new malware samples in PCS efficiently and effectively.

10.
A method of improving the Parlay API to enhance the call waiting hold capability
饶少阳  杨放春 《通信学报》2004,25(11):10-15
Through in-depth analysis of a call waiting service instance, it is concluded that the Parlay API 4.0 specification lacks call waiting hold capability. A method is proposed that revises the terminating call leg state machine and adds functional interfaces; it enhances the call waiting hold capability while keeping Parlay API backward compatibility and leaving the call control model unchanged. Finally, a call waiting service flow based on the improved Parlay API is given.

11.
To counter sandbox evasion by malware and improve the efficiency of malware analysis, this paper proposes a sandbox evasion detection technique based on code evolution. The static semantic information and dynamic runtime information of the malware are extracted, and a decision algorithm based on similarity differences is designed, exploiting the differences in static and dynamic semantics that sandbox evasion behavior produces during code evolution. A total of 240 malicious samples with sandbox evasion behavior were detected across 7 real malware families; compared with the JOE analysis system, accuracy improved by 12.5% while the false positive rate was reduced to 1%, which verifies the correctness and effectiveness of the method.

12.
To address the growing threat that malware poses to Android phone security, an improved Android malware detection algorithm is proposed. Multiple behavioral feature values obtained from applications on Android mobile devices are monitored, and machine learning is applied: the traditional naive Bayes algorithm is improved by combining it with a chi-square test filter to detect malware on the Android system. Simulation results show that filtering the applications' behavioral features with the chi-square test before applying the naive Bayes classification model gives Android malware detection a lower false positive rate and higher precision.

13.
An online automatic analysis model for massive malware based on feature clustering
To address the insufficient automatic feature extraction capability and poor timeliness of family determination in traditional analysis methods for massive malware, the behavioral composition and code fragment distribution of a large number of samples are studied with static and dynamic methods, and an online automatic analysis model for massive malware based on feature clustering is proposed, including a feature space construction method based on API behavior and code fragments, an automatic feature extraction algorithm, and an LSH-based nearest neighbor clustering algorithm. Experimental results show that the model offers automatic feature extraction on large-scale samples, supports online data clustering, and achieves high family determination accuracy; the prototype system designed on this model is highly practical.

14.
A new malware detection method based on APK signature information feedback (SigFeedback) was proposed. Based on the SVM classification algorithm, the eigenvalue extraction method adopted heuristic rule learning to verify and screen APK signature information, and it also implemented heuristic feedback, achieving more accurate detection of malicious software. The SigFeedback detection algorithm enjoys the advantages of a high detection rate and a low false positive rate. Finally, experiments show that the SigFeedback algorithm has high efficiency, bringing the false positive rate down from 13% to 3%.

15.
Starting from the inherent characteristics of flat wireless sensor networks, such as topology, shared wireless communication and security mechanisms, the propagation dynamics of malware on wireless sensor networks is studied. First, a flat wireless sensor network model is built with random geometric graphs; then, a malware SI (Susceptible-Infected) propagation model is built on cellular automata theory. The model fully considers the inherent and propagation characteristics of wireless sensor networks and incorporates the MAC mechanism and a random key pre-distribution scheme. Analysis and simulation show that the spatially localized structure of wireless sensor networks, the shared wireless channel mechanism and the security management application dominate the propagation growth, limiting the propagation speed of malware and reducing the risk of large-scale malware epidemics in wireless sensor networks. The proposed model can describe malware propagation behavior in wireless sensor networks and provides a basis for establishing security defense mechanisms for them.

16.
In recent years, many adversarial malware examples with different feature strategies, especially GAN and its variants, have been introduced to handle security threats, e.g., evading the detection of machine learning detectors. However, these solutions still suffer from complicated deployment or long running time. In this paper, we propose an n-gram MalGAN method to solve these problems. We borrow the idea of n-grams from the Natural Language Processing (NLP) area to expand the feature sources for adversarial malware examples in MalGAN. Generally, the n-gram MalGAN obtains the feature vector directly from the hexadecimal bytecodes of the executable file. It can be implemented easily and conveniently in a simple programming language (e.g., C++), with no need for any prior knowledge of the executable file or any professional feature extraction tools. These features are functionally independent and thus can be added to the non-functional area of the malicious program to maintain its original executability. In this way, n-grams make the adversarial attack easier and more convenient. Experimental results show that the evasion rate of the n-gram MalGAN is at least 88.58% against different machine learning algorithms under an appropriate group rate, growing to 100% for the Random Forest algorithm.

17.
The experimental ATM network services environment (EXPANSE) prototype provides an experimental testbed for multimedia multiparty telecommunications services over heterogeneous communications networks. The EXPANSE software architecture supports the functional separation of call and connection control. At the call control layer an object-oriented, transaction-based call model provides for the co-ordination of the negotiations among users for the establishment, modification and disconnection of telecommunications services. The connection control layer provides an object-oriented protocol for the dynamic establishment, modification and release of network connections which include the control and allocation of network resources required for multimedia multiparty services. The EXPANSE software includes an application programming interface (API) to the signalling protocol at the call control level. The API provides a uniform and powerful interface to the call model and allows different applications to co-ordinate the control of local resources and session state.

18.
杨平  罗红  乔向东 《通信技术》2009,42(4):135-138
As an emerging technique in the field of network intrusion, a Rootkit can hide traces of intrusion and prevent users and detection software from discovering the presence of malicious code; it is stealthy and hard to detect. Based on analysis of Rootkit behavior, a Rootkit detection technique based on handle analysis is proposed: the method traverses the kernel handle table to obtain all processes running in the system, then compares them with the process list obtained by calling the API, revealing the processes hidden by the Rootkit. Experiments prove that the method detects Rootkits well.

19.
Research on open service interfaces for next generation networks
陈霄  汪学明 《通信技术》2010,43(12):109-111
The next generation network is a service-driven network, and openness is one of its important characteristics. On the basis of analyzing and studying some typical open interface technologies, and in view of the defects of the Parlay X service call interface, an improved scheme for an enhanced Parlay X service call interface is proposed and its implementation model is given. Using the enhanced call interface, application developers do not need detailed telecommunications knowledge to monitor calls continuously and effectively, and can provide users with rich special resources in a more flexible interactive manner.

20.
Android smartphones are employed widely due to their flexible programming system with several user-oriented features in daily life. With the substantial growth rate of smartphone technologies, cyber-attacks against such devices have surged at an exponential rate. The majority of smartphone users grant permissions blindly to arbitrary applications, which weakens the efficiency of the authorization mechanism. Numerous approaches have been established for effective malware detection, but due to certain limitations like low identification rate, low malware detection rate and poor category detection, the results obtained are ineffective. Therefore, this paper proposes a convolutional neural network based adaptive red fox optimization (CNN-ARFO) approach to classify applications as benign or malware. The proposed approach comprises three phases, namely the pre-processing phase, the feature extraction phase and the detection phase, for the effective detection of Android malware applications. In the pre-processing phase, the selected dataset is normalized with the Minmax technique. Then the malicious APKs and the collected benign apps are investigated to identify and extract the features essential to the functioning of malware in the extraction phase. Finally, the Android mobile applications are classified using the CNN based ARFO approach. The results of detecting benign and malicious applications on Android mobiles are demonstrated by evaluating parameters such as model accuracy rate, model loss rate, accuracy, precision, recall and F-measure. The outcome shows that the detection accuracy achieved by the proposed approach is 97.29%.
