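Detection of Malicious Code Based on Acquaintance Degree
Cite this article: DU Nan, HAN Lan-sheng, FU Cai, ZHANG Zhong-ke, LIU Ming. Detection of Malicious Code Based on Acquaintance Degree [J]. Computer Science, 2015, 42(1): 187-192.
Authors: DU Nan, HAN Lan-sheng, FU Cai, ZHANG Zhong-ke, LIU Ming
Affiliation: School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
Funding: This work was supported by the projects "Research on Task-Based Recognition of Trojan Associated Behaviors" (61272033) and "Research on Polymorphic Clustering and Evolution of Mobile Network Behaviors" (61272405).
Abstract: Signature-based recognition can only identify known malicious code and does not solve the problem of deciding whether code is malicious. Current behavior-based scanning and heuristic scanning attend only to individual dangerous behavior points of malicious code, so their false positive rate is high. This paper concentrates on mining the relationships between behaviors: it uses matrices to describe and measure the behaviors of the code under test and the relationships between those behaviors, and from this proposes a malicious code detection method based on acquaintance degree. The acquaintance degree is how familiar the system is with the code under test. Whether the code under test is malicious is judged from the size of the acquaintance degree: the greater the acquaintance degree, the less likely the code under test is malicious. On this basis, a corresponding malicious code detection algorithm is proposed, and the effectiveness of the method is verified on a real example.

Keywords: Acquaintance degree; Similarity; Behavior characteristics; Malicious code; Matrix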

Detection of Malware Code Based on Acquaintance Degree
DU Nan, HAN Lan-sheng, FU Cai, ZHANG Zhong-ke and LIU Ming. Detection of Malware Code Based on Acquaintance Degree [J]. Computer Science, 2015, 42(1): 187-192.
Authors: DU Nan, HAN Lan-sheng, FU Cai, ZHANG Zhong-ke and LIU Ming
Affiliation: School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China
Abstract: Signature recognition can only identify known malicious code and does not solve the problem of discriminating malicious code. Current behavior-based and heuristic scanning methods pay attention only to single dangerous action points of malicious code and have a high rate of false positives. This paper focuses on the relationships between behaviors, describes and measures the behaviors and the relationships between them with matrices, and then gives a malicious code detection method based on acquaintance degree. Acquaintance degree is the degree of familiarity the system has with the code under test. Whether the code under test is malicious is judged from the size of the acquaintance degree: the greater the acquaintance degree, the smaller the possibility that the code is malicious. An algorithm for detecting malware behavior is given, and its feasibility is justified through a test on a real example.
Keywords: Acquaintance degree; Similarity; Behavior characteristics; Malware code; Matrix
This article is indexed in Wanfang Data and other databases.