| 恶意代码的函数调用图相似性分析 |
| |
| 引用本文: | 刘,星,唐,勇.恶意代码的函数调用图相似性分析[J].计算机工程与科学,2014,36(3):481-486. |
| |
| 作者姓名: | 刘 星 唐 勇 |
| |
| 基金项目: | 国家自然科学基金资助项目(61003303) |
| |
| 摘 要: | 恶意代码的相似性分析是当前恶意代码自动分析的重要部分。提出了一种基于函数调用图的恶意代码相似性分析方法,通过函数调用图的相似性距离SDMFG来度量两个恶意代码函数调用图的相似性,进而分析得到恶意代码的相似性,提高了恶意代码相似性分析的准确性,为恶意代码的同源及演化特性分析研究与恶意代码的检测和防范提供了有力支持。
|
| 关 键 词: | 恶意代码 函数调用图 图的相似性距离 指令序列 最大权匹配 |
| 收稿时间: | 2012-12-03 |
| 修稿时间: | 2014-03-25 |
Similarity analysis of malware’s function-call graphs |
| |
| LIU Xing,TANG Yong.Similarity analysis of malware’s function-call graphs[J].Computer Engineering & Science,2014,36(3):481-486. |
| |
| Authors: | LIU Xing TANG Yong |
| |
| Affiliation: | (College of Computer,National University of Defense Technology,Changsha 410073,China) |
| |
| Abstract: | The similarity analysis of malware is an important part of the current automatic analysis of malware. The paper proposes a new method of similarity analysis of malware based on function call graphs. This method uses the similarity distance of malware’s function-call graphs (called SDMFG) to measure the similarity of two malwares’ function-call graphs, and then analyzes the similarity of the two malwares. This method improves the accuracy of similarity analysis of malware, providing a strong support for analysis of the homology and evolution characteristics of malware and malware detection and prevention.Key words: |
| |
| Keywords: | malware function-call graph SDMFG instruction sequence max-weight matching |
| 本文献已被 CNKI 等数据库收录! |
| 点击此处可从《计算机工程与科学》浏览原始摘要信息 |
|
点击此处可从《计算机工程与科学》下载全文 |
