| 一种基于行为集成学习的恶意代码检测方法 |
| |
| 引用本文: | 胥小波,张文博,何超,罗怡. 一种基于行为集成学习的恶意代码检测方法[J]. 北京邮电大学学报, 2019, 42(4): 89-95. DOI: 10.13190/j.jbupt.2018-318 |
| |
| 作者姓名: | 胥小波 张文博 何超 罗怡 |
| |
| 作者单位: | 中国电子科技网络信息安全有限公司, 成都610041;中国电子科技集团公司第三十研究所, 成都610041;中国电子科技网络信息安全有限公司,成都,610041 |
| |
| 摘 要: | 为了解决变种恶意代码、未知威胁行为恶意分析等问题,研究了基于梯度提升树的恶意代码分类方法,从大量样本中学习程序行为特征和指令序列特征,实现了智能恶意代码分类功能.将GBDT算法引入恶意代码检测领域,使模型结果行为序列具有可解释性,对恶意代码的检测能力大幅提高.GBDT算法能够客观地反映恶意代码的行为和意图本质,能够准确识别恶意代码.
|
| 关 键 词: | 恶意代码 未知威胁 梯度提升树 行为特征 |
| 收稿时间: | 2018-12-22 |
A Malicious Code Detection Method Based on Ensemble Learning of Behavior |
| |
| XU Xiao-bo,ZHANG Wen-bo,HE Chao,LUO Yi. A Malicious Code Detection Method Based on Ensemble Learning of Behavior[J]. Journal of Beijing University of Posts and Telecommunications, 2019, 42(4): 89-95. DOI: 10.13190/j.jbupt.2018-318 |
| |
| Authors: | XU Xiao-bo ZHANG Wen-bo HE Chao LUO Yi |
| |
| Affiliation: | 1. China Electronics Technology Cyber Security Company Limited, Chengdu 610041, China;
2. China Electronic Technology Group Corporation Thirtieth Research Institute, Chengdu 610041, China |
| |
| Abstract: | In order to solve the problem of variant malicious code and behavior analysis of unknown threat, a method for malware classification based on gradient boosting decision tree (GBDT) algorithm is researched, which learns the characteristics of code behavior and instruction sequence from a large number of samples, and realizes the intelligent malicious code classification function. GBDT algorithm is introduced into the field of malicious code detection, so that the behavior sequence of the model is interpretable, and improves its ability to detect malicious code significantly. GBDT algorithm can reflect the nature of the behavior and intention of malicious code objectively, and identify malicious code accurately. |
| |
| Keywords: | malware code unknown threat gradient boosting decision tree behavior characteristics |
| 本文献已被 万方数据 等数据库收录! |
| 点击此处可从《北京邮电大学学报》浏览原始摘要信息 |
|
点击此处可从《北京邮电大学学报》下载全文 |
|
