| 一种恶意代码变种检测的有效方法 |
| |
| 引用本文: | 韩小素,庞建民,岳峰.一种恶意代码变种检测的有效方法[J].计算机安全,2010(9):53-57. |
| |
| 作者姓名: | 韩小素 庞建民 岳峰 |
| |
| 作者单位: | 信息工程大学,信息工程学院,河南,郑州,450002 |
| |
| 基金项目: | 国家高技术研究发展计划(863)项目 |
| |
| 摘 要: | 为了改变基于特征码病毒查杀存在的滞后性,以及对于恶意代码变种的无效性,提出了一种基于支持向量机和模糊推理技术的恶意代码及其变种的检测方法。基于Radux原型系统,通过使用多分类机,将恶意程序进一步细分为病毒、蠕虫和木马程序,然后进行恶意代码判定的模糊推理,使得未知病毒的检测概率进一步提升,对于已有恶意程序的检测率高达99.03%,对于恶意程序变种的检测率达到93.38%。
|
| 关 键 词: | 支持向量机 模糊推理 Radux 恶意代码检测 恶意代码变种 |
An Effective Method for Variant of Malicious Code Detection |
| |
| HAN Xiao-su,PANG Jian-min,YUE Feng.An Effective Method for Variant of Malicious Code Detection[J].Network & Computer Security,2010(9):53-57. |
| |
| Authors: | HAN Xiao-su PANG Jian-min YUE Feng |
| |
| Affiliation: | (Institute of Information Engineering,Information Engineering University,Zhengzhou,Henan 450002,China) |
| |
| Abstract: | To change the lag caused by signature-based virus checking and killing,and the invalidity of malicious code variants,proposed a support vector machine and fuzzy reasoning and its variants of malicious code detection method.Prototype system based on Radux,through the using of multi-classifier,the malicious program is further broken down as viruses,worms and Trojan horse programs,malicious code and then determine the fuzzy reasoning,making detection of unknown viruses to further enhance the probability of looking for malicious programs have been 99.03% detection rate,for mutation detection rate of malicious programs to 93.38%. |
| |
| Keywords: | Support Vector Machine Fuzzy Reasoning Reverse Analysis for Detecting Unsafe eXecutables Malicious Code Detection Malicious Code Variants |
| 本文献已被 维普 万方数据 等数据库收录! |
|
