| C4.5算法在未知恶意代码识别中的应用 |
| |
| 引用本文: | 朱立军,徐玉芬. C4.5算法在未知恶意代码识别中的应用[J]. 沈阳化工学院学报, 2013, 27(1): 78-82,96 |
| |
| 作者姓名: | 朱立军 徐玉芬 |
| |
| 作者单位: | 1. 沈阳化工大学计算机科学与技术学院,辽宁沈阳,110142
2. 辽宁兵器工业职工大学,辽宁沈阳,110045 |
| |
| 摘 要: | 基于行为的分析方法是恶意代码检测技术的发展方向,但存在误报率和漏报率较高的问题,故提出一种在Windows平台下检测未知恶意代码的新方法,以PE文件动态调用的API函数为研究对象,使用足长度的滑动窗口提取代码的所有特征属性,并采用决策树C4.5算法来检测未知恶意代码.实验结果表明,与其他基于行为的恶意代码识别算法相比,该算法具有较低的漏报率和误报率.
|
| 关 键 词: | 决策树C4 5 恶意代码 动态行为 合法代码 稀疏矩阵 |
Application of C4.5 Algorithm in Unknown Malicious Code Identification |
| |
| ZHU Li-jun , XU Yu-fen. Application of C4.5 Algorithm in Unknown Malicious Code Identification[J]. Journal of Shenyang Institute of Chemical Technolgy, 2013, 27(1): 78-82,96 |
| |
| Authors: | ZHU Li-jun XU Yu-fen |
| |
| Affiliation: | 1.Shenyang University of Chemical Technology,Shenyang 110142,China; 2.Liaoning Worker University of Weapon Industry,Shenyang 110045,China) |
| |
| Abstract: | Although the rate of false positive and the false negative is very high, the method based on behavior analysis is the direction of malicious code detection. Based on the API function called by PE files dynamically, a method for unknown virus detection in Window platform is proposed by decision tree C4. 5, in which all feature attributes are extracted by a sliding window of K-length. The experimental result shows that, compared with other algorithms of unknown malicious code detection, the algorithm of decision tree C4. 5 has a lower rate of false positive and false negative. |
| |
| Keywords: | decision tree c4.5 malicious code dynamic behavior legal code sparse matrix |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
