计算机科学 ›› 2016, Vol. 43 ›› Issue (5): 91-95.doi: 10.11896/j.issn.1002-137X.2016.05.017
薛飞,单征,闫丽景,范超
XUE Fei, SHAN Zheng, YAN Li-jing and FAN Chao
摘要: 针对现有恶意程序行为特征检测存在的不足,采用多轨迹检测方法,用文件操作、网络访问、内存资源访问的行为特征构建出三维恶意行为特征库。在构造投影数据库的过程中,结合AC自动机优化频繁序列查询,舍去不满足最小长度的频繁序列,得到改进的数据挖掘算法——Prefixspan-x,并将其应用于动态提取恶意软件行为特征库和阈值匹配,以克服静态反汇编方式获取软件行为轨迹时软件加壳、混淆带来的检测困难。实验结果表明,基于数据挖掘的多轨迹特征检测技术具有较高的准确率和较低的漏报率。
[1] Han Xiao-guang,Qu Wu,Yao Xuan-xia,et al.Research on malicious code variants detection based on texture fingerprint[J].Journal on Communications,2014,35(8):125-136(in Chinese) 韩晓光,曲武,姚宣霞,等.基于纹理指纹的恶意代码变种检测方法研究[J].通信学报,2014,35(8):125-136 [2] Wang Rui,Feng Deng-guo,Yang Yi,et al.Semantics-Based Malware Behavior Signature Extraction and Detection Method[J].Journal of Software,2012,23(2):378-393(in Chinese) 王蕊,冯登国,杨轶,等.基于语义的恶意代码行为特征提取及检测方法[J].软件学报,2012,23(2):378-393 [3] Cogswell B,Russinovich M.Rootkit revealer.http://www microsoB com/technet/sysinternals/Utilities/RootkitRevealermspx [4] Schultz M G,Eskin E,Zadok E.Data Mining Methods for Detection of New Malicious Executables[C]∥IEEE Computer Society.2001:38-49 [5] Wang Shuo,Zhou Ji-liu,Peng Bo.Unknown virus detection basedon API sequence and support vector machine[J].Journal of Computer Applications,2007,27(8):1942-1943(in Chinese) 王硕,周激流,彭博.基于API序列分析和支持向量机的未知病毒检测[J].计算机应用,2007,27(8):1942-1943 [6] Zhu Ying-ying,Ye Mao,Liu Nai-qi,et al.Host intrusion detection based on sequence of Windows Native API[J].Computer Engineering and Applications,2008,4(18):109-112(in Chinese) 朱莺嘤,叶茂,刘乃琦,等.基于Windows Native API序列的系统行为入侵检测[J].计算机工程与应用,2008,4(18):109-112 [7] Gong Tao.Research of Malware Detection Based on Data Mi-ning [D].Hefei:University of Science and Technology of China,2012(in Chinese) 宫涛.基于数据挖掘的恶意软件检测研究[D].合肥:中国科学技术大学,2012 [8] Bai Jin-rong,Wang Jun-feng,Zhao Zong-qu.Malware Detection Approach Based on Structural Feature of PE File [J].Computer Science,2013,0(1):122-126(in Chinese) 白金荣,王俊峰,赵宗渠.基于PE静态结构特征的恶意软件检测方法[J].计算机科学,2013,0(1):122-126 [9] KonradRieck.Learning and Classification of Malware Behavior[C]∥5th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment(DIMVA 2008).Paris,France,2008:10-11 [10] An Jing,Yang Yi-xian,Li Zhong-xian.Obfuscated MaliciousCode Detection with Path Condition Analysis[J].Journal of Hunan University(Natural Sciences),2013,0(9):86-90(in Chinese) 安靖,杨义先,李忠献.路径条件驱动的混淆恶意代码检测[J].湖南大学学报(自然科学版),2013,0(9):86-90 [11] Zhang Xiao-kang.Research of Malicious Code Detection Tech-nology Based on Data Mining and Machine Learning [D].Hefei:University of Science and Technology of China,2009(in Chinese) 张小康.基于数据挖掘和机器学习的恶意代码检测技术研究[D].合肥:中国科学技术大学,2009 [12] Wang Xin-zhi,Sun Le-chang,Zhang Min,et al.Malicious Beha-vior Detection MethodBased on Sequential Pattern Discovery [J].Computer Engineering,2011,7(24):1-3(in Chinese) 王新志,孙乐昌,张旻,等.基于序列模式发现的恶意行为检测方法[J].计算机工程,2011,7(24):1-3 [13] Wang Li-na,Tan Xiao-bin,Pan Jian-feng,et al.Application ofPrefixSpan* Algorithm in Malware Detection[J].Computer Engineering,2010,6(7):119-121(in Chinese) 王丽娜,谭小彬,潘剑锋,等.恶意代码检测中的PrefixSpan算法应用[J].计算机工程,2010,6(7):119-121 [14] Gong Wei,Liu Pei-yu,Jia Xian.Sequential patterns mining algorithm based on improved PrefixSpan[J].Journal of Computer Applications,2011,1(9):2405-2407(in Chinese) 公伟,刘培玉,贾娴.基于改进PrefixSpan的序列模式挖掘算法[J].计算机应用,2011,1(9):2405-2407 [15] Zhang Kun,Zhu Yang-yong.Sequence Pattern Mining Without Duplicate Project Database Scan[J].Journal of Computer Research and Development,2007,44(1):126-132(in Chinese) 张坤,朱扬勇.无重复投影数据库扫描的序列模式挖掘算法[J].计算机研究与发展,2007,44(1):126-132 |
No related articles found! |
|