1.
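In Web security research, improving the efficiency of detecting malicious Web code has long been a problem that Web malicious-code detection methods need to solve. To address it, this paper proposes a Web malicious-code detection mechanism based on behavioral and semantic analysis, targeting the detection of cross-site scripting vulnerabilities, ActiveX control vulnerabilities and Web shellcode. By analyzing the behavior and semantics of these vulnerabilities, behavioral features are extracted and a Web client-side script parsing engine and a Web shellcode detection engine are built. Together they provide correct detection of cross-site scripting vulnerabilities, ActiveX control vulnerabilities and Web shellcode, as well as forensic evidence collection for Web shellcode attack behavior. Experimental analysis shows that the new Web malicious-code detection mechanism has strong detection capability and a low miss rate.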
2.
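The number of malware variants on the Android mobile platform grows by the day. To detect variant samples efficiently and quickly, this paper proposes a method that generates fuzzy hash values from the distribution of strings and function lengths in an APK, so that the hash values of malware variants of the same kind are similar. When detecting variant malware, the k-means method is first used to cluster the fuzzy hash values generated from the known virus database, which simplifies the database. The Hamilton distance between the sample and each fuzzy hash in the virus database is then computed. When the distance is below a threshold, a variant has been detected. Experimental results show that the proposed method is fast and strongly resistant to interference.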
3.
With the growing number of malware, malware analysis technologies need to be advanced continuously. Malware authors use various packing techniques to hide their code from malware detection tools and techniques. The packing techniques are generally used to compress and encrypt executable code in executable files, and the unpacking code is usually embedded in the executable files. Therefore, packed executable files can be executed by themselves, and the information associated with packing can be used to analyze and detect malware. Since different packing tools will generate different packed executable files, packing tools can be identified by analyzing packed executable files, and packer identification can reduce malware-analyzing overheads, and the executable files can even be unpacked. However, most previous studies focused on packing detection using signatures of unpacking code, and these approaches can be avoided by placing unpacking code in other locations or by distributing unpacking code in multiple locations. In this paper, we propose a new packer identification method by analyzing only code sections to extract features of malware generated by different packing tools. Experimental results show that our approach can identify different packing tools with an accuracy of 91.6% on average. Considering that packer identification is a harder problem than packing detection, we argue that our approach can contribute to reducing overheads of malware analysis.
4.
Chee Keong Ng, Sutharshan Rajasegarar, Lei Pan, Frank Jiang, Leo Yu Zhang. Concurrency and Computation, 2020, 32(14)
This research presents a novel framework comprising the IPS gateway, analysis system, and honeypot for identifying and detecting ransomware based on the client honeypot concept, and active interception of downloads using the Suricata inline intruder prevention system. Unlike previous frameworks that report on the accuracy rate of detecting ransomware, the proposed framework features a multiple voting platform for the validation of confidence levels in the accuracy detection rates. The proposed framework achieves higher accuracy levels than other machine learning models for the detection of ransomware.
5.
Nowadays, most cloud services are prominent across all commercial, public, and private areas. A primary difficulty of a cloud computing system is keeping a virtualized environment safe from all intruders. The existing system uses signature-based methods, which cannot provide accurate detection of malware. This paper puts forward an approach to detect malware based on feature extraction and various classification techniques. Initially, the clean files and malware files are extracted. The feature selection uses gain ratio to provide a subset of features. The classification is used to predict any malware that has entered the mobile device. This paper proposes to use an ensemble classifier that contains different kinds of classifiers: Support Vector Machine, K-Nearest Neighbor, and Naïve Bayes. Together these are known as a meta classifier. These three classification methods were used in the proposed work and gave results with higher accuracy. This measures the correctness of the predictions made using the ensemble method, with high precision and recall values, which specifically identifies the quality of the techniques used.
6.
7.
8.
9.
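At present, machine learning algorithms can be used to detect unknown malicious Android applications, but traditional machine learning algorithms have fewer than three layers of computational units and cannot fully mine the deep-level representation of Android application features. This paper proposes, for the first time, a deep-learning-based algorithm, DDBN (Data-flow Deep Belief Network), which analyzes the data-flow features of Android applications in order to detect unknown malicious Android applications. First, the analysis tools FlowDroid and SUSI are used to extract static data-flow features that reflect the malicious behavior of Android applications. Then, the data-flow deep learning algorithm DDBN is designed for these features; by building a deep model structure and transforming features layer by layer, it maps the feature representation of the data flow from the original space into a new feature space, which makes classification more accurate. Finally, the Android malicious-application detection tool Flowdect is implemented on the basis of DDBN and used to test a large number of real-world benign and malicious applications. Experimental results show that Flowdect can fully learn the data-flow features of Android applications and can be used to detect unknown malicious Android applications. Compared with detection schemes based on other traditional machine learning algorithms, the DDBN algorithm achieves better detection results.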
10.