Malware Detection Method Based on Static Structural Features of ELF Files
Cite this article: Bai Jinrong, Wang Junfeng, Zhao Zongqu. Malware Detection Method Based on Static Structural Features of ELF Files [J]. Journal of Sichuan University (Engineering Science Edition), 2012, 44(5): 109-114
Authors: Bai Jinrong  Wang Junfeng  Zhao Zongqu
Affiliations: 1. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan; Yuxi Normal University, Yuxi 653100, Yunnan
2. College of Computer Science, Sichuan University, Chengdu 610065, Sichuan
Funding: National High Technology Research and Development Program of China
Abstract: Malware detection on the Linux platform has so far received little research attention, and the main analysis and detection techniques still have significant limitations. This paper proposes a malware detection method based on the static structural features of ELF files. Through an in-depth analysis of the static structural attributes of ELF files on the Linux platform, attributes that discriminate well between malware and benign software are extracted; the extracted features are reduced by a feature selection method, and a data mining classification algorithm is then trained on them so that malware and benign files can be correctly identified. Experimental results show that the classification algorithm used detects known and unknown malware with an accuracy of 99.7%, with short detection time and low system resource usage, so the method can be deployed in practice in anti-virus software.

Keywords: malware detection  structural feature  machine learning  ELF
Received: 2012-03-07
Revised: 2012-06-20

Malware Detection Approach Based on Structural Feature of ELF File
Bai Jinrong,Wang Junfeng and Zhao Zongqu. Malware Detection Approach Based on Structural Feature of ELF File[J]. Journal of Sichuan University (Engineering Science Edition), 2012, 44(5): 109-114
Authors:Bai Jinrong  Wang Junfeng  Zhao Zongqu
Affiliation: Sichuan University
Abstract: With the increasing development and application of Linux, more disruptive malware has appeared on the Linux platform. Because malware detection on the Linux platform is rarely studied at present, the main analysis and detection methods still have many limitations. This paper proposes a new malware detection method based on the structural features of the ELF file. Based on an in-depth analysis of the static structure information of the ELF file, features that distinguish malware from benign software were extracted from the structural information of the ELF file, and a feature selection method was applied to reduce the dimensionality of the features. When the selected features were used to train classification algorithms, the results of our experiments indicate that the accuracy of our method reaches 99.7% and that the method can identify both known and unknown malware. The new detection approach achieves high detection accuracy with low processing overhead and short detection time, and could be deployed in real-time anti-virus software.
Keywords:malware detection   structural feature   machine learning   ELF
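The abstract describes extracting static structural attributes from ELF files and turning them into features for a classifier, but does not list the attributes. The following is an added example, not the paper's code or its feature set: a standard-library-only parser for the ELF32/ELF64 file header that derives a small numeric feature vector from it. The choice of fields and derived features (presence of a section header table, whether e_shstrndx is in range, whether e_ehsize matches the standard size, and so on) is my assumption of the kind of attribute such a method would use; the sample header bytes are constructed inline, not taken from any real binary.

```python
"""Static structural features from an ELF file header (added example).

The feature choices below are assumptions for illustration and are not the
paper's feature set. Only the ELF header is parsed; the feature selection and
classification steps of the paper are not reproduced here.
"""
import struct

ELF_MAGIC = b"\x7fELF"
# Header layouts after the 16-byte e_ident; byte order is prefixed at parse time.
_ELF64_HDR = "HHIQQQIHHHHHH"   # 48 bytes -> 64-byte header in total
_ELF32_HDR = "HHIIIIIHHHHHH"   # 36 bytes -> 52-byte header in total
_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
           "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
           "e_shentsize", "e_shnum", "e_shstrndx")


class NotElf(ValueError):
    """Raised when the input is not a parseable ELF header."""


def parse_elf_header(data: bytes) -> dict:
    """Parse e_ident and the ELF file header into a dict of raw field values."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise NotElf("missing ELF magic")
    ei_class, ei_data = data[4], data[5]          # 1/2 = 32/64-bit, 1/2 = LSB/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise NotElf("invalid EI_CLASS or EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    layout = endian + (_ELF64_HDR if ei_class == 2 else _ELF32_HDR)
    size = struct.calcsize(layout)
    if len(data) < 16 + size:
        raise NotElf("truncated ELF header")
    hdr = dict(zip(_FIELDS, struct.unpack(layout, data[16:16 + size])))
    hdr["ei_class"] = ei_class
    hdr["ei_data"] = ei_data
    hdr["ei_osabi"] = data[7]
    return hdr


def is_elf(data: bytes) -> bool:
    """True if the bytes carry a header that parse_elf_header accepts."""
    try:
        parse_elf_header(data)
        return True
    except NotElf:
        return False


def structural_features(hdr: dict) -> dict:
    """Derive numeric structural features from a parsed header (assumed set)."""
    standard_ehsize = 64 if hdr["ei_class"] == 2 else 52
    return {
        "is_64bit": int(hdr["ei_class"] == 2),
        "big_endian": int(hdr["ei_data"] == 2),
        "e_type": hdr["e_type"],
        "e_machine": hdr["e_machine"],
        "e_osabi": hdr["ei_osabi"],
        "has_program_table": int(hdr["e_phoff"] != 0 and hdr["e_phnum"] != 0),
        "has_section_table": int(hdr["e_shoff"] != 0 and hdr["e_shnum"] != 0),
        "e_phnum": hdr["e_phnum"],
        "e_shnum": hdr["e_shnum"],
        # A section-name string table index outside the section table is a
        # structural inconsistency a classifier could learn from.
        "shstrndx_in_range": int(hdr["e_shstrndx"] < hdr["e_shnum"]),
        "ehsize_standard": int(hdr["e_ehsize"] == standard_ehsize),
        "entry_nonzero": int(hdr["e_entry"] != 0),
    }


def feature_vector(data: bytes) -> list:
    """Fixed-order numeric vector, as a classifier would consume it."""
    feats = structural_features(parse_elf_header(data))
    return [feats[k] for k in sorted(feats)]


def build_sample_elf64_header(*, shoff=0x1000, shnum=5, shstrndx=4,
                              entry=0x401000) -> bytes:
    """Constructed sample: a little-endian x86-64 ET_EXEC header (not a real file)."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, LSB, version 1
    body = struct.pack("<" + _ELF64_HDR,
                       2, 0x3E, 1, entry,   # e_type=EXEC, e_machine=x86-64, e_version
                       64, shoff, 0,        # e_phoff, e_shoff, e_flags
                       64, 56, 2,           # e_ehsize, e_phentsize, e_phnum
                       64, shnum, shstrndx) # e_shentsize, e_shnum, e_shstrndx
    return ident + body


if __name__ == "__main__":
    sample = build_sample_elf64_header()
    print(structural_features(parse_elf_header(sample)))
    stripped = build_sample_elf64_header(shoff=0, shnum=0, shstrndx=0)
    print(feature_vector(stripped))
```

The parser reads the byte order and class from e_ident before unpacking, so the same code handles 32- and 64-bit, little- and big-endian headers. Real files would be read with `open(path, "rb").read(64)` and the program and section header tables would be parsed in the same way to obtain further attributes.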
This article is indexed in CNKI, Wanfang Data and other databases.