排序方式: 共有297条查询结果,搜索用时 15 毫秒
1.
A novel method for fast and accurately tracing reused code was proposed. Based on simhash and inverted in-dex, the method can fast trace similar functions in massive code. First of all, a code database with three-level inverted in-dex structures was constructed. For the function to be traced, similar code blocks could be found quickly according to simhash value of the code block in the function code. Then the potential similar functions could be fast traced using in-verted index. Finally, really similar functions could be identified by comparing jump relationships of similar code blocks. Further, malware samples containing similar functions could be traced. The experimental results show that the method can quickly identify the functions inserted by compilers and the reused functions based on the code database under the premise of high accuracy and recall rate. 相似文献
2.
Aiming at the defect of vote principle in random forest algorithm which is incapable of distinguishing the differences between strong classifier and weak classifier,a weighted voting improved method was proposed,and an improved random forest classification (IRFCM) was proposed to detect Android malware on the basis of this method.The IRFCM chose Permission information and Intent information as attribute features from AndroidManifest.xml files and optimized them,then applied the model to classify the final feature vectors.The experimental results in Weka environment show that IRFCM has better classification accuracy and classification efficiency. 相似文献
3.
Security tools are rapidly developed as network security threat is becoming more and more serious. To overcome the fundamental limitation of traditional host based anti malware system which is likely to be deceived and attacked by malicious codes, VMM based anti malware systems have recently become a hot research field. In this article, the existing malware hiding technique is analyzed, and a detecting model for hidden process based on “In VM” idea is also proposed. Based on this detecting model, a hidden process detection technology which is based on HOOK SwapContext on the VMM platform is also implemented successfully. This technology can guarantee the detecting method not to be attacked by malwares and also resist all the current process hiding technologies. In order to detect the malwares which use remote injection method to hide themselves, a method by hijacking sysenter instruction is also proposed. Experiments show that the proposed methods guarantee the isolation of virtual machines, can detect all malware samples, and just bring little performance loss. 相似文献
4.
5.
从两部委对信息安全监控提出的新需求入手,分析并提出了信息安全发展的两个趋势——个性化和全面有效覆盖。面对新需求通过两个建设方案实例分析,提出如何从信息安全中挖掘服务和业务价值。最后总结了创造信息安全服务价值面临的挑战,并提出信息安全服务架构的思路。 相似文献
6.
7.
计算机反病毒厂商每天接收成千上万的病毒样本,如何快速有效地将这些海量样本家族化是一个亟待解决的问题。提出了一种可伸缩性的聚类方法,面对输入海量的病毒样本向量化特征集,使用局部敏感哈希索引技术进行初次快速聚类,使用扩展K均值算法进行二次细致聚类。实验表明该聚类方法在有限牺牲准确度的情况下,大为提高了病毒聚类的时间效率。 相似文献
8.
9.
提出了一个较灵活、可扩展的方法, 它是基于更细致的运行特征: API函数调用名、API函数的输入参数及两种特征的结合。抽取以上三类特征, 借助信息论中的熵, 定义了恶意代码信息增益值的概念, 并计算相应的API及其参数在区分恶意软件和良性软件时的信息增益值, 进而选择识别率高的特征以减少特征的数目从而减少分析时间。实验表明, 少量的特征选取和较高的识别率使得基于API函数与参数相结合的检测方法明显优于当前主流的基于API序列的识别算法。 相似文献
10.
一种蓝牙环境下恶意程序的传播模型 总被引:1,自引:0,他引:1
在分析蓝牙恶意程序传播过程的基础上,将蓝牙协议的作用及设备移动方武抽象为若干个统计学参数,通过理论推导建立了一种蓝牙恶意程序传播动力学的分析模型.该模型表明,认证机制等安全措施的引入可大大降低蓝牙恶意程序的传播过程,这对设计安全的蓝牙协议及设备具有积极的意义.仿真结果表明,该模型能够很好地描述蓝牙环境下恶意程序的传播特性. 相似文献