Computer Science, 2015, Vol. 42, Issue (1): 187-192. doi: 10.11896/j.issn.1002-137X.2015.01.042


Detection of Malware Code Based on Acquaintance Degree

DU Nan, HAN Lan-sheng, FU Cai, ZHANG Zhong-ke and LIU Ming   

  • Online: 2018-11-14 Published: 2018-11-14

Abstract: Signature-based recognition can only identify known malicious code and does not solve the problem of discriminating malicious code. Current methods based on behavior and heuristic scanning attend only to single dangerous action points of malicious code and have a high false-positive rate. This paper focuses on the relationships between behaviors: it describes and tests behaviors and the relationships between them using matrices, and then gives a malicious code detection method based on acquaintance degree. Acquaintance degree is the degree of familiarity the system has with the code under test. Whether the code under test is malicious can be judged from the size of its acquaintance degree: the greater the acquaintance degree, the smaller the possibility that it is malicious code. An algorithm for detecting malware behavior is given, and its feasibility is justified through a test on a real example.

Key words: Acquaintance degree, Similarity, Behavior characteristics, Malware code, Matrix

