| 一种基于综合行为特征的恶意代码识别方法 |
| |
| 引用本文: | 刘巍伟,石勇,郭煜,韩臻,沈昌祥.一种基于综合行为特征的恶意代码识别方法[J].电子学报,2009,37(4). |
| |
| 作者姓名: | 刘巍伟 石勇 郭煜 韩臻 沈昌祥 |
| |
| 作者单位: | 1. 北京交通大学计算机与信息技术学院,北京,100044
2. 北京工业大学,北京,100124 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 基于行为的分析方法是恶意代码检测技术的发展方向,但现有的以孤立行为特征为依据的恶意代码识别方法误报率较高,本文提出了一种基于代码综合行为特征的恶意代码检测方法-IBC-DA.该算法通过改造的攻击树模型描述恶意代码执行过程中各相关主体间的关系,在此基础上计算得到的恶意性权值能够更加准确地反映代码执行过程对系统的影响.实验表明,利用本文算法进行病毒检测具有较低漏报率和误报率,并对未知恶意代码的防范具有积极意义.
|
| 关 键 词: | 行为特征 攻击树 恶意代码 病毒检测 |
A Malicious Code Detection Method Based on Integrated Behavior Characterization |
| |
| LIU Wei-wei,SHI Yong,GUO Yu,HAN Zhen,SHEN Chang-xiang.A Malicious Code Detection Method Based on Integrated Behavior Characterization[J].Acta Electronica Sinica,2009,37(4). |
| |
| Authors: | LIU Wei-wei SHI Yong GUO Yu HAN Zhen SHEN Chang-xiang |
| |
| Affiliation: | 1.College of Computer and Information Technology Beijing Jiaotong University;Beijing 100044;China;2.Beijing University of Technology;Beijing 100124;China |
| |
| Abstract: | The existing malicious code detection algorithms which are based on individual behaviors have some drawbacks.In this paper we present a new malicious code detection algorithm based on behavior characteristics by importing improved attack tree model to describe the entity relationships during the malicious code execution time.It is named IBC-DA.The experiments result shows that the proposed algorithm works in most cases of detection and only has minor errors in few conditions.This algorithm has very positive... |
| |
| Keywords: | behavior characterization attack tree malicious code virus detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
