Computer Science ›› 2016, Vol. 43 ›› Issue (5): 91-95.doi: 10.11896/j.issn.1002-137X.2016.05.017


Multiple Trajectories Feature Detection Technology Based on Data Mining

XUE Fei, SHAN Zheng, YAN Li-jing and FAN Chao   

Online: 2018-12-01   Published: 2018-12-01

Abstract: To address the shortcomings of existing malware behavior-signature detection, we propose a multiple-trajectory detection method that uses behavior characteristics from three dimensions, file operations, network access and memory resources, to build a three-dimensional database of malicious-behavior signatures. During construction of the projection database, an Aho-Corasick (AC) automaton is combined with PrefixSpan to speed up frequent-sequence queries, and frequent sequences shorter than a minimum length are discarded; the resulting improved mining algorithm is called PrefixSpan-x. The algorithm extracts the malicious-behavior signature database dynamically and classifies samples by threshold matching, which avoids the difficulties that packers and obfuscation cause when behavior trajectories are recovered by static disassembly. Experimental results show that the proposed detection technique achieves high accuracy and a low false-negative rate.

Key words: Behavior trajectories, Data mining, PrefixSpan-x, Signature database, Threshold matching
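The pipeline the abstract describes (frequent-sequence mining over behavior trajectories, minimum-length pruning, a signature database, threshold matching) as an added worked example; this is not the authors' code and not PrefixSpan-x itself. Assumptions: the four trajectories are constructed sample data in an invented "dimension:action" token format (F = file, N = network, M = memory); the AC-automaton query optimisation is not reconstructed; the support-weighted match score and the 0.6 threshold are choices made for the example, since the abstract says only "threshold match".

```python
from collections import defaultdict

# Constructed sample data (not from the paper): behaviour trajectories recorded
# dynamically from four hypothetical malicious samples. Each event is
# "<dimension>:<action>" where the dimension is F (file operation),
# N (network access) or M (memory resource), the three dimensions the
# abstract names.
MALICIOUS_TRAJECTORIES = [
    ["F:open", "F:read", "M:alloc", "M:protect_rwx", "N:connect", "N:send", "F:write", "F:delete"],
    ["M:alloc", "F:open", "M:protect_rwx", "N:connect", "F:write", "N:send", "F:delete"],
    ["F:open", "M:alloc", "M:protect_rwx", "N:dns", "N:connect", "N:send", "F:delete"],
    ["F:open", "F:read", "M:protect_rwx", "N:connect", "N:send", "F:write", "F:delete"],
]


def prefixspan(sequences, min_support, min_len):
    """Mine frequent (gapped) subsequences with PrefixSpan.

    Returns {pattern_tuple: support}. Growth still passes through short
    prefixes, but only patterns of length >= min_len are kept, mirroring the
    minimum-length pruning the abstract describes. The AC-automaton query
    optimisation from the paper is not reconstructed here.
    """
    patterns = {}

    def grow(prefix, projected):
        # projected: the projection database, one (seq_index, start) suffix
        # per sequence that contains `prefix`.
        owners = defaultdict(set)
        for si, start in projected:
            for item in set(sequences[si][start:]):
                owners[item].add(si)
        for item, seq_ids in owners.items():
            support = len(seq_ids)
            if support < min_support:
                continue
            new_prefix = prefix + (item,)
            if len(new_prefix) >= min_len:
                patterns[new_prefix] = support
            # Project on the first occurrence of `item` in each suffix.
            new_projected = []
            for si, start in projected:
                if si in seq_ids:
                    idx = sequences[si].index(item, start)
                    new_projected.append((si, idx + 1))
            grow(new_prefix, new_projected)

    grow((), [(i, 0) for i in range(len(sequences))])
    return patterns


def contains_subsequence(trajectory, pattern):
    """True if `pattern` occurs in `trajectory` in order, gaps allowed."""
    pos = 0
    for item in pattern:
        try:
            pos = trajectory.index(item, pos) + 1
        except ValueError:
            return False
    return True


def match_score(trajectory, signatures):
    """Support-weighted fraction of signatures present in the trajectory.

    The weighting is an assumption of this example; the abstract only says
    "threshold match".
    """
    total = sum(signatures.values())
    hit = sum(sup for pat, sup in signatures.items() if contains_subsequence(trajectory, pat))
    return hit / total if total else 0.0


def classify(trajectory, signatures, threshold):
    """Threshold matching: flag the trajectory as malicious at or above threshold."""
    return match_score(trajectory, signatures) >= threshold


def build_signature_db(min_support=3, min_len=3):
    """Signature database mined from the constructed malicious trajectories."""
    return prefixspan(MALICIOUS_TRAJECTORIES, min_support, min_len)


if __name__ == "__main__":
    db = build_signature_db()
    for pat, sup in sorted(db.items(), key=lambda kv: (-kv[1], kv[0])):
        print(sup, " -> ".join(pat))
    benign = ["F:open", "F:read", "F:write", "F:close"]
    sample = ["M:alloc", "F:open", "M:protect_rwx", "N:connect", "N:send", "F:write", "F:delete"]
    for name, traj in (("benign", benign), ("sample", sample)):
        print(name, round(match_score(traj, db), 3), classify(traj, db, 0.6))
```

Two points worth noting when running it: PrefixSpan patterns are gapped subsequences, so matching must also be gapped (a contiguous-substring matcher such as an Aho-Corasick automaton would miss most of them unless the signatures are first expanded), and the minimum-length filter only removes patterns from the output, because the short prefixes are still needed to grow the longer ones.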

