基于改进型循环神经网络的恶意代码分类检测

近年来,随着恶意代码检测技术的提升,网络攻击者开始倾向构建能自重写和重新排序的恶意代码,以避开安全软件的检测。传统的机器学习方法是基于安全人员自主设计的特征向量来判别恶意代码,对这种新型恶意代码缺乏检测能力。为此,文中提出了一种新的基于代码时序行为的检测模型,并采用回声状态网络、最大池化和半帧结构等方式对神经网络进行优化。与传统的检测模型相比,改进后的模型对恶意代码的检测率有大幅提升。     

基于Android的手机恶意代码检测与防护技术

随着通信技术以及移动终端的发展,Android系统由于其本身的开源性,滋生了大量的恶意代码。为了满足Android手机用户的安全需求,文中基于Android,采用SVM机器学习思想,构建了恶意代码检测模型,并开发了一套手机恶意代码检测与防护系统,可以对其进行快速检测和深度检测。系统经Android手机测试结果表明,其具有较好的检测精度以及较低的恶意代码漏报率。     

基于纹理指纹的恶意代码变种检测方法研究

提出一种基于纹理指纹的恶意代码特征提取及检测方法,通过结合图像分析技术与恶意代码变种检测技术,将恶意代码映射为无压缩灰阶图片,基于纹理分割算法对图片进行分块,使用灰阶共生矩阵算法提取各个分块的纹理特征,并将这些纹理特征作为恶意代码的纹理指纹;然后,根据样本的纹理指纹,建立纹理指纹索引结构;检测阶段通过恶意代码纹理指纹块生成策略,采用加权综合多分段纹理指纹相似性匹配方法检测恶意代码变种和未知恶意代码;在此基础上,实现恶意代码的纹理指纹提取及检测原型系统。通过对6种恶意代码样本数据集的分析和检测,完成了对该系统的实验验证。实验结果表明,基于上述方法提取的特征具有检测速度快、精度高等特点,并且对恶意代码变种具有较好的识别能力。     

Windows进程信息注入与API挂钩技术研究

主要研究了恶意代码入侵与防御两项基本技术。对于恶意代码的入侵方面,分别研究了动态链接库（DLL）注入技术以及应用程序编程接口（API）挂钩技术,然后在每项技术中分析了它们的几种常用实现方法;而在恶意代码的防御方面,分别指出了基于编译器、虚拟机和操作系统的相应的安全检测方法,并分别分析了它们的特性,包括其优点和缺点等。对于信息安全研究领域中的恶意代码攻防相关技术可提供有益的帮助。     

网页恶意代码检测系统研究

为了保护网页不被嵌入恶意代码,提出了一种基于网页文件代码分类检测技术的恶意代码检测系统,并完成了软件设计与开发.该系统采用J2EE技术开发,能够对网页文件进行代码分类扫描,并根据不同的扫描结果进行相应的处理.通过实际应用表明,采用代码分类检测技术能够高检出、低误报的识别出多种恶意代码,达到了设计要求.     

基于遗传算法的恶意代码对抗样本生成方法

机器学习已经广泛应用于恶意代码检测中,并在恶意代码检测产品中发挥重要作用。构建针对恶意代码检测机器学习模型的对抗样本,是发掘恶意代码检测模型缺陷,评估和完善恶意代码检测系统的关键。该文提出一种基于遗传算法的恶意代码对抗样本生成方法,生成的样本在有效对抗基于机器学习的恶意代码检测模型的同时,确保了恶意代码样本的可执行和恶意行为的一致性,有效提升了生成对抗样本的真实性和模型对抗评估的准确性。实验表明,该文提出的对抗样本生成方法使MalConv恶意代码检测模型的检测准确率下降了14.65%;并可直接对VirusTotal中4款基于机器学习的恶意代码检测商用引擎形成有效的干扰,其中,Cylance的检测准确率只有53.55%。     

基于Win32 API调用监控的恶意代码检测技术研究

论文首先分析了现有动态检测恶意代码技术的不足,指出其受恶意代码的旁路攻击和拟态攻击的可能。然后,提出了防范此类攻击的API陷阱技术和调用地址混淆技术。最后由此实现了一个基于Win32API调用监控的恶意代码检测系统,经实验证明,该系统能检测出已知和未知的恶意代码的攻击。     

一种高效的面向虚拟桌面恶意代码检测机制简

 与传统的恶意代码检测方式相比,面向虚拟桌面的恶意代码检测方法面临着性能方面的挑战,同一物理服务器上多个虚拟桌面同时开展恶意代码检测使得磁盘等硬件成为严重的IO性能瓶颈.本文提出了一种高效的虚拟桌面恶意代码检测方案,基于母本克隆技术的虚拟桌面恶意代码检测机制（MCIDS）,MCIDS根据虚拟桌面系统的特点,通过系统映像网络存储克隆技术以及部署在网络存储系统中的恶意代码引擎减少虚拟桌面系统中的恶意代码检测范围,有效减少恶意代码检测所需的磁盘IO开销;同时MCIDS还克服了传统“Out-of-the-Box”安全检测机制存在的语义差别问题,改善了系统的安全性能.在原型系统上的实验显示该方法在技术上是可行的,与现有方法相比MCIDS具有较好的性能优势.     

一种基于混合学习的恶意代码检测方法

近年来,自动化沙箱被广泛部署并应用于恶意代码分析与检测,然而随着恶意代码数量的激增和抗分析能力的增强,如何有效应对海量恶意代码分析任务,提高沙箱系统分析效率,是增强网络安全防御能力的一个重要研究方向.本文利用不同学习方式以及恶意代码动、静态特征的特点,提出了一种基于混合学习模型的恶意代码检测方法,分别提取恶意代码的静态...     

一种高效的面向虚拟桌面恶意代码检测机制

与传统的恶意代码检测方式相比,面向虚拟桌面的恶意代码检测方法面临着性能方面的挑战,同一物理服务器上多个虚拟桌面同时开展恶意代码检测使得磁盘等硬件成为严重的IO性能瓶颈.本文提出了一种高效的虚拟桌面恶意代码检测方案,基于母本克隆技术的虚拟桌面恶意代码检测机制(MCIDS),MCIDS根据虚拟桌面系统的特点,通过系统映像网络存储克隆技术以及部署在网络存储系统中的恶意代码引擎减少虚拟桌面系统中的恶意代码检测范围,有效减少恶意代码检测所需的磁盘IO开销;同时MCIDS还克服了传统"Out-of-the-Box"安全检测机制存在的语义差别问题,改善了系统的安全性能.在原型系统上的实验显示该方法在技术上是可行的,与现有方法相比MCIDS具有较好的性能优势.     

A Novel Game Theoretic Method for Efficient Downlink Resource Allocation in Dual Band 5G Heterogeneous Network

In this paper obfuscation techniques used by novel malwares presented and compared. IAT smashing, string encryption and dynamic programing are explained in static methods and hooking at user and kernel level of OS with DLL injection, modifying of SSDT and IDT table addresses, filter IRPs, and possessor emulation are techniques in dynamic methods. This paper suggest Approach for passing through malware obfuscation techniques. In order that it can analyze malware behaviors. Our methods in proposed approach are detection presence time of a malware at user and kernel level of OS, dumping of malware executable memory at correct time and precise hook installing. Main purpose of this paper is establishment of an efficient platform to analyze behavior and detect novel malwares that by use of metamorphic engine, packer and protector tools take action for obfuscation and metamorphosis of themself. At final, this paper use a dataset embeds different kind of obfuscated and metamorphic malwares in order to prove usefulness of its methods experiments. Show that proposed methods can confront most malware obfuscation techniques. It evaluated success rate to unpacking, obfuscated malwares and it shows 85% success rate to recognize kernel level malwares.     

“In-VM”模型的隐藏代码检测模型

Security tools are rapidly developed as network security threat is becoming more and more serious. To overcome the fundamental limitation of traditional host based anti malware system which is likely to be deceived and attacked by malicious codes, VMM based anti malware systems have recently become a hot research field. In this article, the existing malware hiding technique is analyzed, and a detecting model for hidden process based on “In VM” idea is also proposed. Based on this detecting model, a hidden process detection technology which is based on HOOK SwapContext on the VMM platform is also implemented successfully. This technology can guarantee the detecting method not to be attacked by malwares and also resist all the current process hiding technologies. In order to detect the malwares which use remote injection method to hide themselves, a method by hijacking sysenter instruction is also proposed. Experiments show that the proposed methods guarantee the isolation of virtual machines, can detect all malware samples, and just bring little performance loss.     

虚拟化环境下恶意软件攻击的修复机制

 恶意软件常常能够成功攻击虚拟机和其管理系统,使虚拟环境处于一种不安全、难以恢复的状态.传统的安全防护机制无法满足虚拟环境的安全要求,本文提出一种基于代理的检测和协作修复机制,通过多个虚拟机节点共享修复情况信息,快速获取有效的修复工具,提高恢复能力.模拟分析和仿真实验结果证明该机制的实用性和效率.     

Temporal and spatial outlier detection in wireless sensor networks

Outlier detection techniques play an important role in enhancing the reliability of data communication in wireless sensor networks (WSNs). Considering the importance of outlier detection in WSNs, many outlier detection techniques have been proposed. Unfortunately, most of these techniques still have some potential limitations, that is, (a) high rate of false positives, (b) high time complexity, and (c) failure to detect outliers online. Moreover, these approaches mainly focus on either temporal outliers or spatial outliers. Therefore, this paper aims to introduce novel algorithms that successfully detect both temporal outliers and spatial outliers. Our contributions are twofold: (i) modifying the Hampel Identifier (HI) algorithm to achieve high accuracy identification rate in temporal outlier detection, (ii) combining the Gaussian process (GP) model and graph‐based outlier detection technique to improve the performance of the algorithm in spatial outlier detection. The results demonstrate that our techniques outperform the state‐of‐the‐art methods in terms of accuracy and work well with various data types.     

基于对比权限模式的安卓恶意软件检测方法(英文)

As the risk of malware is sharply increasing in Android platform,Android malware detection has become an important research topic.Existing works have demonstrated that required permissions of Android applications are valuable for malware analysis,but how to exploit those permission patterns for malware detection remains an open issue.In this paper,we introduce the contrasting permission patterns to characterize the essential differences between malwares and clean applications from the permission aspect Then a framework based on contrasting permission patterns is presented for Android malware detection.According to the proposed framework,an ensemble classifier,Enclamald,is further developed to detect whether an application is potentially malicious.Every contrasting permission pattern is acting as a weak classifier in Enclamald,and the weighted predictions of involved weak classifiers are aggregated to the final result.Experiments on real-world applications validate that the proposed Enclamald classifier outperforms commonly used classifiers for Android Malware Detection.     

An Interfering Signal Detection Technique Using an Ultra Wideband Chirp Template Waveform

This paper discusses a coexisting signal detection technique for sharing the spectrum of an Ultra Wideband (UWB) radio with other radio systems. In some countries’ regulations, the Detection and Avoidance technique is required to be implemented in UWB systems so they do not interfere with other radio systems. In most interference avoidance techniques it is necessary to detect emissions of the interfering system and the interfering bands. In this paper, correlation detection is applied for interfering signal detection without band pass filters. In the detector, a Chirp-UWB is prepared as a template waveform. The signal received before UWB communications is correlated with the Chirp-UWB template waveform, and is then integrated. The integral period is decided from the sweep function of the Chirp-UWB and the interfering bands. Therefore the detection technique can detect arbitrary frequency band signals by modifying the integral period. The sweep function of the Chirp-UWB also improves the detection performance. A sine function is adopted for the sweep function of the chirp. The miss Detection Error Rate and False Alarm Rate are evaluated to show the effectiveness of the proposed interference detection technique.     

Generating Lightweight Behavioral Signature for Malware Detection in People-Centric Sensing

People-centric sensing (PCS) is an emerging paradigm of sensor network which turns daily used mobile devices (such as smartphones and PDAs) to sensors. It is promising but faces severe security problems. As smartphones are already and will keep up to be attractive targets to attackers, even more, with strong connectivity and homogeneous applications, all mobile devices in PCS will risk being infected by malware more rapidly. Even worse, attackers usually obfuscate their malwares in order to avoid simple (syntactic signature based) detection. Thus, more intelligent (behavioral signature based) detection is needed. But in the field of network security, the state-of-the-art behavioral signature—behavior graph—is too complicated to be used in mobile devices. This paper proposes a novel behavioral signature generation system—SimBehavior—to generate lightweight behavioral signature for malware detection in PCS. Generated lightweight behavioral signature is a bit like regex (regular expression) rules. And thus, unlike malware detection using behavior graph is NP-Complete, using our lightweight behavioral signature is efficient and very suitable for malware detection in PCS. Our experimental results show that SimBehavior can extract behavioral signatures effectively, and generated lightweight behavioral signatures can be used to detect new malware samples in PCS efficiently and effectively.     

Improving Automatic Detection of Defects in Castings by Applying Wavelet Technique

X-ray-based inspection systems are a well-accepted technique for identification and evaluation of internal defects in castings, such as cracks, porosities, and foreign inclusions. In this paper, some images showing typical internal defects in the castings derived from an X-ray inspection system are processed by some traditional methods and wavelet technique in order to facilitate automatic detection of these internal defects. An X-ray inspection system used to detect the internal defects of castings and the typical internal casting defects is first addressed. Second, the second-order derivative and morphology operations, the row-by-row adaptive thresholding, and the two-dimensional (2-D) wavelet transform methods are described as potentially useful processing techniques. The first method can effectively detect air-holes and foreign-inclusion defects, and the second one can be suitable for detecting shrinkage cavities. Wavelet techniques, however, can effectively detect the three typical defects with a selected wavelet base and multiresolution levels. Results indicate that 2-D wavelet transform is a powerful method to analyze images derived from X-ray inspection for automatically detecting typical internal defects in the casting     

基于权限频繁模式挖掘算法的Android恶意应用检测方法

Android应用所申请的各个权限可以有效反映出应用程序的行为模式,而一个恶意行为的产生需要多个权限的配合,所以通过挖掘权限之间的关联性可以有效检测未知的恶意应用。以往研究者大多关注单一权限的统计特性,很少研究权限之间关联性的统计特性。因此,为有效检测Android平台未知的恶意应用,提出了一种基于权限频繁模式挖掘算法的Android恶意应用检测方法,设计了能够挖掘权限之间关联性的权限频繁模式挖掘算法—PApriori。基于该算法对49个恶意应用家族进行权限频繁模式发现,得到极大频繁权限项集,从而构造出权限关系特征库来检测未知的恶意应用。最后,通过实验验证了该方法的有效性和正确性,实验结果表明所提出的方法与其他相关工作对比效果更优。     

IFF应答信号实时检测技术

为了在非合作条件下对敌我识别(Identification Friend or Foe,IFF)信号进行实时检测,分析IFF应答信号的特征,提出IFF应答信号实时检测技术,对其中基于多相滤波的正交变换、包络检波及脉冲参数精确测量等关键技术进行了分析,并在现场可编程门阵列(FPGA)中进行了实现及测试,证明该技术完全满足工程实现的需求。