| 基于行为特征的恶意代码检测方法 |
| |
| 引用本文: | 左黎明,汤鹏志,刘二根,徐保根. 基于行为特征的恶意代码检测方法[J]. 计算机工程, 2012, 38(2): 129-131 |
| |
| 作者姓名: | 左黎明 汤鹏志 刘二根 徐保根 |
| |
| 作者单位: | 华东交通大学基础科学学院,南昌,330013 |
| |
| 基金项目: | 国家自然科学基金资助项目(11061014); 江西省教育厅青年科学基金资助项目(GJJ10129) 江西省教育厅科研基金资助项目(GJJ10708) |
| |
| 摘 要: | 研究基于行为特征的恶意代码检测模型及其实现方式,并分析实现中的关键技术。使用自定义行为特征编码模板进行恶意代码匹配,将短周期内2次匹配成功作为判定恶意代码的标准,利用最大熵原理分析2次恶意代码行为的信息论特征。实验结果表明,该方法具有较低的病毒检测误报率和漏报率,并且能有效防范未知恶意代码。
|
| 关 键 词: | 数据安全 恶意代码 行为特征 病毒检测 最大熵 |
| 收稿时间: | 2011-04-20 |
Malicious Code Detection Method Based on Behavior Characteristic |
| |
| ZUO Li-ming , TANG Peng-zhi , LIU Er-gen , XU Bao-gen. Malicious Code Detection Method Based on Behavior Characteristic[J]. Computer Engineering, 2012, 38(2): 129-131 |
| |
| Authors: | ZUO Li-ming TANG Peng-zhi LIU Er-gen XU Bao-gen |
| |
| Affiliation: | (School of Basic Science,East China Jiaotong University,Nanchang 330013,China) |
| |
| Abstract: | This paper researches the model for detection method of malicious codes based on characteristics of malicious behaviors,and analyzes the key techniques in the realization.The method uses customizing code of the malicious behavior to match and uses two malicious behaviors in short period as the decision-making standard,the information entropy characteristics of the two malicious behaviors are analyzed by the maximum entropy principle.Experimental result shows that the method works in most cases of detection and only has minor errors in few conditions,and it has very positive sense for unknown malicious code detection. |
| |
| Keywords: | data security malicious code behavior characteristic virus detection maximum entropy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
