| 基于流量统计指纹的恶意代码检测模型 |
| |
| 引用本文: | 苗甫,王振兴,张连成.基于流量统计指纹的恶意代码检测模型[J].计算机工程,2011,37(18):131-133. |
| |
| 作者姓名: | 苗甫 王振兴 张连成 |
| |
| 作者单位: | 解放军信息工程大学信息工程学院,郑州,450002 |
| |
| 摘 要: | 采用加密和隧道技术的恶意代码难以检测。为此,提出基于流量统计指纹的恶意代码检测模型。提取恶意代码流量中的包层特征和流层特征,对高维流层特征采用主成分分析进行降维,利用两类特征的概率密度函数建立恶意代码流量统计指纹,使用该指纹检测网络中恶意代码通信流量。实验结果表明,该模型能有效检测采用加密和隧道技术的恶意代码。
|
| 关 键 词: | 恶意代码检测 隧道 流量统计指纹 特征选择 主成分分析 |
| 收稿时间: | 2011-02-18 |
Malicious Code Detection Model Based on Traffic Statistical Fingerprinting |
| |
| MIAO Fu,WANG Zhen-xing,ZHANG Lian-cheng.Malicious Code Detection Model Based on Traffic Statistical Fingerprinting[J].Computer Engineering,2011,37(18):131-133. |
| |
| Authors: | MIAO Fu WANG Zhen-xing ZHANG Lian-cheng |
| |
| Affiliation: | (Institute of Information Engineering,PLA Information Engineering University,Zhengzhou 450002,China) |
| |
| Abstract: | In order to detect malicious codes which utilize encryption technology and tunnels encapsulation,a new malicious code detection model based on traffic statistical fingerprinting is presented.The packet-level features and flow-level features are extracted from each flow in a training set.The flow-level features are filtered by the Principal Component Analysis.The detection model is constructed after malicious code's traffic statistical fingerprinting is got from these features' probability density functions.Experimental results indicate that this model can effectively detect encrypted or tunneled malicious codes. |
| |
| Keywords: | malicious code detection tunnel traffic statistical fingerprinting feature selection Principal Component Analysis(PCA) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
