基于SVM的计算机病毒检测系统

自从第一例计算机病毒被发现以来，特征码法一直是病毒检测的基本方法。但是，病毒的复杂化和变形病毒的出现，限制了该法的有效应用。本文提出一种基于支持SVM的通用病毒智能检测方法，通过支持SVM算法的应用，使得检测系统在小样本的情形下仍具有良好的泛化能力。然后，以系统API函数调用执行迹为例，测试了该法的检测性能，并
将实验结果与其他检测方法进行了比较。实验表明，API函数调用序列在区分正常与恶意PE格式程序文件上有很好的辨别力，发现基于支持SVM的病毒检测系统所需要的先验知
知识小于其他方法。而且，当检测性能相当时，系统的训练时间将会缩短。

A SVM-Based Computer Virus Detection System

Since the first computer virus was found, scanning detection has been used as a primary method in virus detection systems. As viruses become more complex and sophisticated, the scanning detection method is no longer able to detect the various forms of malicious code effectively. We explore the idea of automatically detecting viruses based on Support Vector Machine ( SVM) and not strictly dependent on certain viruses. By utilizing SVM, the generalizing ability of virus detection systems is still good when the sample size is small. An experiment using the system API function call trace is given to illustrate the performance of this method. Finally,the comparison of detection abilities between the above detection method and others is given. Evidence shows that the sequences of the operating system API function calls executed by the running programs are a good discriminator between benign and malicious PE files,the detection system based on SVM needs less priori knowledge than other methods,and can shorten the training time under the same detection performance condition.