| 基于关键应用编程接口图的恶意代码检测 |
| |
| 引用本文: | 白莉莉,庞建民,张一弛,岳 峰.基于关键应用编程接口图的恶意代码检测[J].计算机工程,2010,36(9):139-141. |
| |
| 作者姓名: | 白莉莉 庞建民 张一弛 岳 峰 |
| |
| 作者单位: | (解放军信息工程大学信息工程学院,郑州 450002) |
| |
| 基金项目: | 国家“863”计划基金资助项目(2006AA01Z408 2009AA01Z434) |
| |
| 摘 要: | 针对基于特征码的恶意代码检测方法无法应对混淆变形技术的问题,提出基于关键应用编程接口(API)图的检测方法。通过提取恶意代码控制流图中含关键API调用的节点,将恶意行为抽象成关键API图,采用子图匹配的方法判定可疑程序的恶意度。实验结果证明,该方法能有效检测恶意代码变体,漏报率较低。
|
| 关 键 词: | 控制流图 关键应用编程接口图 恶意代码检测 |
Malware Detection Based on Critical Application Programming Interface Graph |
| |
| BAI Li-li,PANG Jian-min,ZHANG Yi-chi,YUE Feng.Malware Detection Based on Critical Application Programming Interface Graph[J].Computer Engineering,2010,36(9):139-141. |
| |
| Authors: | BAI Li-li PANG Jian-min ZHANG Yi-chi YUE Feng |
| |
| Affiliation: | (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002) |
| |
| Abstract: | Aiming at the problem that malware detection method based on signature can be easily subverted by obfuscation techniques, this paper proposes a detection method based on Critical Application Programming Interface Graph(CAG). By statically extracting nodes with critical API calling from Control Flow Graph(CFG) for each malware, each malicious behavior can be presented by one CAG. A matching algorithm based on CAG is used to determine whether a suspicious executable programming has the same malicious behavior as a malware does. Experimental results show that the method can detect malware variants efficiently with low false negative rate. |
| |
| Keywords: | Control Flow Graph(CFG) Critical Application Programming Interface Graph(CAG) malware detection |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
