| 基于Win32 API的未知病毒检测 |
| |
| 引用本文: | 陈亮,郑宁,郭艳华,徐明,胡永涛.基于Win32 API的未知病毒检测[J].计算机应用,2008,28(11):2829-2831. |
| |
| 作者姓名: | 陈亮 郑宁 郭艳华 徐明 胡永涛 |
| |
| 作者单位: | 1. 杭州电子科技大学,计算机学院,杭州,310018
2. 公安部第三研究所,上海,201204 |
| |
| 基金项目: | 浙江省自然科学基金,浙江省科技厅资助项目,上海市科委资助项目 |
| |
| 摘 要: | 提出了一个基于行为特征向量的病毒检测方法。特征向量的每一维用于表示一种恶意行为事件,每一事件由相应的Win32应用程序编程接口(API)调用及其参数表示,并实现了一个自动化行为追踪系统(Argus)用于行为特征的提取。试验中,通过对样本数据的分析,利用互信息对特征向量进行属性约简,减少特征维数。试验结果表明,约简后的模型对于发生行为事件数大于1的病毒程序仍有着较好的检测效果。
|
| 关 键 词: | 恶意行为 Win32应用程序编程接口 互信息 属性约简 |
| 收稿时间: | 2008-05-26 |
Unknown virus detection based on Win32 API |
| |
| CHEN Liang,ZHENG Ning,GUO Yan-hua,XU Ming,HU Yong-tao.Unknown virus detection based on Win32 API[J].journal of Computer Applications,2008,28(11):2829-2831. |
| |
| Authors: | CHEN Liang ZHENG Ning GUO Yan-hua XU Ming HU Yong-tao |
| |
| Affiliation: | CHEN Liang1,ZHENG Ning1,GUO Yan-hua1,XU Ming1,HU Yong-tao2(1.School of Computer Science,Hangzhou Dianzi University,Hangzhou Zhejiang 310018,China,2.The Third Research Institute of Ministry of Public Security,Shanghai 201204,China) |
| |
| Abstract: | This paper proposed a virus detection method using behavior feature vector. Each dimension of the vector stood for a malicious behavior event represented by corresponding Win32 API calls and their certain parameters. An automatic executable behavior tracing system (Argus) was also implemented to dynamically capture the events. In the experiment, attribute reduction was applied to mutual information to decrease the number of dimension after an analysis of the sample dataset. Experimental result suggests that model after attribute reduction is still efficient in detecting unknown virus which has more than one event captured. |
| |
| Keywords: | malicious behavior Win32 Applications Programming Interface (API) mutual information attribute reduct |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
