| 提升多维特征检测迷惑恶意代码 |
| |
| 引用本文: | 孔德光,谭小彬,奚宏生,宫涛,帅建梅.提升多维特征检测迷惑恶意代码[J].软件学报,2011,22(3):522-533. |
| |
| 作者姓名: | 孔德光 谭小彬 奚宏生 宫涛 帅建梅 |
| |
| 作者单位: | 1. 中国科学技术大学自动化系,安徽合肥,230027;Cyber-Security Laboratory,The Pennsylvania State University,University Park,State College,16801,USA
2. 中国科学技术大学自动化系,安徽合肥,230027 |
| |
| 基金项目: | 国家高技术研究发展计划(863) (2006AA01Z449) |
| |
| 摘 要: | 针对迷惑恶意代码识别率较低的问题,提出一种基于提升多维特征的迷惑恶意代码检测算法.该算法在对迷惑恶意代码反汇编后进行静态分析,从Opcode分布序列,调用流图特征、系统调用序列图这3个特征维度对恶意代码家族特征进行归纳和分析,结合统计和语义结构特征表现恶意代码"行为"特性,从而对分类结果加权投票后给出迷惑恶意代码家族判...
|
| 关 键 词: | 恶意代码检测 多维特征 迷惑 提升 |
| 收稿时间: | 2009/3/19 0:00:00 |
| 修稿时间: | 6/1/2009 12:00:00 AM |
Obfuscated Malware Detection Based on Boosting Multilevel Features |
| |
| KONG De-Guang,TAN Xiao-Bin,XI Hong-Sheng,GONG Tao and SHUAI Jian-Mei.Obfuscated Malware Detection Based on Boosting Multilevel Features[J].Journal of Software,2011,22(3):522-533. |
| |
| Authors: | KONG De-Guang TAN Xiao-Bin XI Hong-Sheng GONG Tao and SHUAI Jian-Mei |
| |
| Affiliation: | Department of Automation, University of Science and Technology of China, Hefei 230027, China; Cyber-Security Laboratory, The Pennsylvania State University, University Park, State College, 16801, USA;Department of Automation, University of Science and Technology of China, Hefei 230027, China;Department of Automation, University of Science and Technology of China, Hefei 230027, China;Department of Automation, University of Science and Technology of China, Hefei 230027, China;Department of Automation, University of Science and Technology of China, Hefei 230027, China |
| |
| Abstract: | To cope with the problem of the low accuracy in detecting obfuscated malware, an algorithm to detect obfuscated malware based on boosting multi-level features is presented. After a disassembly analysis and static analysis for the obfuscated malware, the algorithm extracts features from three dimensions: opcode distribution, a function call graph, and a system call graph, which combines the statistic and semantic features to reflect the behavior characteristic of the malware, and then gives out the decision result based on weighted voting for a different feature analysis. It has been proven by experiment that the algorithms have a much higher accuracy on the testing dataset. |
| |
| Keywords: | malware detection multi-feature obfuscate boosting |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《软件学报》浏览原始摘要信息 |
|
点击此处可从《软件学报》下载全文 |
|
