| 基于关联规则的未知恶意程序检测技术 |
| |
| 引用本文: | 章文,郑烇,帅建梅,陈超.基于关联规则的未知恶意程序检测技术[J].计算机工程,2008,34(24):172-174. |
| |
| 作者姓名: | 章文 郑烇 帅建梅 陈超 |
| |
| 作者单位: | 中国科学技术大学自动化系,合肥,230027 |
| |
| 基金项目: | 国家"863"计划基金资助项目 |
| |
| 摘 要: | 针对当前基于特征码病毒检测技术不能检测出未知病毒的缺点,通过研究某些病毒及其变种版本在执行过程中应用程序接口(API)调用序列的规律,提出一种基于数据挖掘的检测技术,采用Apriori算法从已知病毒的API调用序列中提取有价值的关联规则,用于指导病毒检测。实验结果表明该方法对未知病毒检测有良好的效果。
|
| 关 键 词: | 关联规则 未知恶意程序 应用程序接口 |
| 修稿时间: | |
New Malicious Executables Detection Based on Association Rules |
| |
| ZHANG Wen,ZHENG Quan,SHUAI Jian-mei,CHEN Chao.New Malicious Executables Detection Based on Association Rules[J].Computer Engineering,2008,34(24):172-174. |
| |
| Authors: | ZHANG Wen ZHENG Quan SHUAI Jian-mei CHEN Chao |
| |
| Affiliation: | (Department of Automation, University of Science & Technology of China, Hefei 230027) |
| |
| Abstract: | In order to improve the current malicious detection technology based on signature, this paper presents a method based on data mining. By researching the rules of API calling sequences during executing viruses, the method uses Apriori algorithms to extract some valuable related rules which hide out in a lot of API calling sequences of viruses. These rules can be used to detect Viruses. Experimental results validate its effection. |
| |
| Keywords: | association rules new malicious executables API |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
|
