| 基于动态行为的未知恶意代码识别方法 |
| |
| 引用本文: | 朱立军.基于动态行为的未知恶意代码识别方法[J].沈阳化工学院学报,2012,26(1):77-80. |
| |
| 作者姓名: | 朱立军 |
| |
| 作者单位: | 沈阳化工大学计算机科学与技术学院,辽宁沈阳,110142 |
| |
| 摘 要: | "特征码"法虽然可以准确地检测出已知的恶意代码,但是对未知的恶意代码的识别却无能为力.目前基于代码动态行为的分析方法是未知恶意代码检测技术的发展方向.本文通过对未知恶意代码在植入、安装及启动时调用的API序列作为依据,并分别使用最小距离分类器、K-最近邻、余弦相似度等分类方法对它进行识别,实验表明:对于未知恶意代码的识别,不同的分类算法有不同的优缺点,所以,具体选择哪个算法,要根据恶意代码识别的具体要求而定.
|
| 关 键 词: | 恶意代码 动态行为 虚拟机 |
An Identification Method on Unknown Malicious Code Based on Dynamic Behaviour |
| |
| ZHU Li-jun.An Identification Method on Unknown Malicious Code Based on Dynamic Behaviour[J].Journal of Shenyang Institute of Chemical Technolgy,2012,26(1):77-80. |
| |
| Authors: | ZHU Li-jun |
| |
| Affiliation: | ZHU Li-jun (Shenyang University of Chemical Technology,Shenyang 110142,China) |
| |
| Abstract: | Although the method of feature code can identify the known malicious code,it is helpless against the unknown malicious code.By now,the method based on behavior analysis is the direction of malicious code detection.This paper takes the API sequences called by code as the detection basis to determine whether the code is malicious or not when the code is implanted,installed or launched,and employs minimum distance classifier,K-the nearest and cosine similarity to distinguish them respectively.The experiments result shows that different methods have different advantages and disadvantages,so the choice of different method depends on different demand. |
| |
| Keywords: | malicious code dynamic behavior virtual machine |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
