| 采用Win32 API相关行为分析的未知病毒检测方法 |
| |
| 引用本文: | 刘帅,吴艳霞,马春光,顾国昌,龙勤.采用Win32 API相关行为分析的未知病毒检测方法[J].计算机工程与应用,2011,47(27):119-121. |
| |
| 作者姓名: | 刘帅 吴艳霞 马春光 顾国昌 龙勤 |
| |
| 作者单位: | 1. 哈尔滨工程大学计算机科学与技术学院,哈尔滨,150001
2. 英特尔亚太研发有限公司,上海,200241 |
| |
| 基金项目: | 中央高校基本科研业务费专项资金(No.HEUCF100606,No.HEUCF100604); 国家教育部博士点专项基金(No.20092304120013); 黑龙江省青年科技专项基金(No.QC08C39)~~ |
| |
| 摘 要: | 针对目前基于行为分析的未知病毒检测方法需要运行可执行程序,无法检测出以静态形式存在计算机中的滴管等病毒的问题,提出了一种基于Win32 API相关行为检测PE未知病毒的方法。首先解析PE文件提取其调用的敏感Win32 API函数,然后将这些API函数按相关的恶意行为分类并形成维数固定的特征行为向量存入数据库。采用基于判别熵最小化的特征提取法自适应的精简特征项,最后利用改进的K-最近邻算法进行分类。实验结果表明,该方法具有较高的命中率和较低的漏判率,适用于"云安全"系统中未知病毒的检测。
|
| 关 键 词: | 未知病毒检测 特征提取 K-最近邻算法 精简特征项 |
| 修稿时间: | |
Method of unknown virus detection based on analysis of Win32 API behaviors |
| |
| LIU Shuai,WU Yanxia,MA Chunguang,GU Guochang,LONG Qin.Method of unknown virus detection based on analysis of Win32 API behaviors[J].Computer Engineering and Applications,2011,47(27):119-121. |
| |
| Authors: | LIU Shuai WU Yanxia MA Chunguang GU Guochang LONG Qin |
| |
| Affiliation: | LIU Shuai 1,WU Yanxia 1,MA Chunguang 1,GU Guochang 1,LONG Qin 21.College of Computer Science and Technology,Harbin Engineering University,Harbin 150001,China 2.Intel Asia-Pacific Research & Development Ltd,Shanghai 200241,China |
| |
| Abstract: | In view of the current behavior-based unknown virus detection methods need to run executable programs and can't detect static virus such as dropper,the static method based on Win32 API behaviors for detecting unknown virus is proposed.Firstly parsing PE files to extract the sensitive Win32 API calls,then classifying the API functions based on malicious behavior and conducting a fixed dimension characteristic behavior vector into a database.With the feature extraction method of minimizing discriminant entrop... |
| |
| Keywords: | unknown virus detection feature extraction K-Nearest Neighbo(rKNN) algorithm reduce feature item |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程与应用》浏览原始摘要信息 |
|
点击此处可从《计算机工程与应用》下载全文 |
|
