
Journal of Central South University (Science and Technology)

Journal of Central South University

Vol. 45, No. 9 (Issue 241), September 2014


Article ID: 1672-7207(2014)09-3055-06
A malicious code detection method based on danger theory
HUANG Conghui, CHEN Jing, GONG Shuiqing, LUO Qiao, ZHU Qingchao

(School of Information and Navigation, Air Force Engineering University, Xi'an 710077, Shaanxi, China)

Abstract: To address the lack of an effective means of combining features, and of a corresponding detection method, in current malware detection based on multidimensional features, this paper proposes a danger-theory-based method for extracting, fusing and detecting malware features. The method uses the n-gram algorithm to extract features from the API call sequence of malicious code at run time, then fuses the multiple features into a danger signal and a safe signal, and finally uses the deterministic dendritic cell algorithm to detect the malicious code. Experimental results show that, compared with four other detection algorithms (naive Bayes, decision tree, support vector machine and instance-based learning), the method achieves lower false negative and false positive rates.

Key words: danger theory; deterministic dendritic cell algorithm; malicious code detection; API call sequence; detection rate

A malicious code detection method based on danger theory
HUANG Conghui, CHEN Jing, GONG Shuiqing, LUO Qiao, ZHU Qingchao

School of Information and Navigation, Air Force Engineering University, Xi'an 710077, China

Abstract: To address the lack of an effective means of synthesizing features, and of a corresponding detection method, when detecting malware with multi-level features, a method based on danger theory is proposed to extract malware features, synthesize them and detect malware. The method uses the n-gram algorithm to extract runtime API call sequence features of malware, integrates these features into a danger signal and a safe signal, and finally applies the deterministic dendritic cell algorithm to detect malware. Experimental results show that, compared with four other detection algorithms (naive Bayes, decision tree, support vector machine and instance-based learning), the proposed method has lower false negative and false positive rates.
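The pipeline the abstract describes (n-gram features from an API call sequence, fusion into a danger and a safe signal, classification by the deterministic dendritic cell algorithm) can be followed end to end in the example below. It is an added illustration written for this page, not the authors' implementation. Everything beyond the abstract is an assumption and is marked as such in the code: the constructed API traces, the fusion rule (an n-gram seen in a benign profile contributes a safe signal, an unseen one a danger signal), the cell weights csm = d + s and k = d - 2s with migration thresholds 4, 6 and 8 taken from the published dDCA formulation, and a final drain of cells that have not migrated when a short trace ends.

```python
"""n-gram API-call features fused into danger/safe signals and scored with the
deterministic dendritic cell algorithm (dDCA).

Illustrative code added for this page; it is NOT the paper's implementation.
Assumed, not taken from the abstract: the sample traces, the benign-profile
fusion rule, the dDCA weights (csm = d + s, k = d - 2s), the migration
thresholds, and the final drain of unmigrated cells for short traces."""
from collections import Counter

# Constructed sample traces: one list of API names per monitored process.
BENIGN_TRACES = {
    "editor": ["CreateFile", "ReadFile", "WriteFile", "CloseHandle",
               "CreateFile", "ReadFile", "CloseHandle"],
    "browser": ["connect", "send", "recv", "CreateFile", "WriteFile",
                "CloseHandle", "connect", "send", "recv"],
}
TEST_TRACES = {
    "editor2": ["CreateFile", "ReadFile", "WriteFile", "CloseHandle",
                "CreateFile", "ReadFile", "CloseHandle"],
    "dropper": ["CreateFile", "WriteFile", "RegSetValue", "CreateRemoteThread",
                "WriteProcessMemory", "CreateRemoteThread", "RegSetValue",
                "connect", "send"],
    # Suspicious calls first, then ordinary file handling.
    "injector": ["RegSetValue", "CreateRemoteThread", "WriteProcessMemory",
                 "CreateRemoteThread", "CreateFile", "ReadFile", "WriteFile",
                 "CloseHandle"],
}


def ngrams(seq, n=3):
    """Sliding-window n-grams of an API call sequence."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def build_profile(traces, n=3):
    """Set of n-grams observed in known-benign traces (assumed fusion basis)."""
    profile = set()
    for seq in traces.values():
        profile.update(ngrams(seq, n))
    return profile


def fuse_signals(name, seq, profile, n=3):
    """Map each n-gram of a trace to (antigen, danger, safe).
    Assumed rule: an n-gram in the benign profile is a safe signal, an
    unseen n-gram is a danger signal. The paper's own fusion is not given."""
    return [(name, 0.0, 1.0) if g in profile else (name, 1.0, 0.0)
            for g in ngrams(seq, n)]


def ddca(items, thresholds=(4, 6, 8), w_danger=1.0, w_safe=2.0):
    """Deterministic DCA. Returns the mature context antigen value (MCAV)
    per antigen. Each cell accumulates csm = d + s and k = d - 2s; when csm
    reaches the cell's migration threshold it presents its antigens with a
    'mature' context (k > 0, abnormal) or 'semi-mature' context (k <= 0)."""
    cells = [{"csm": 0.0, "k": 0.0, "thr": t, "antigens": []} for t in thresholds]
    presented, mature = Counter(), Counter()

    def present(cell):
        context = 1 if cell["k"] > 0 else 0
        for ag in cell["antigens"]:
            presented[ag] += 1
            mature[ag] += context
        cell.update(csm=0.0, k=0.0, antigens=[])

    for i, (antigen, d, s) in enumerate(items):
        cells[i % len(cells)]["antigens"].append(antigen)  # round-robin sampling
        for cell in cells:
            cell["csm"] += d + s
            cell["k"] += w_danger * d - w_safe * s
            if cell["csm"] >= cell["thr"]:
                present(cell)
    for cell in cells:  # assumed: drain cells still holding antigens at trace end
        if cell["antigens"]:
            present(cell)
    return {ag: mature[ag] / presented[ag] for ag in presented}


def classify(traces, profile, n=3, mcav_threshold=0.5):
    """Run the pipeline per process; MCAV above the threshold is flagged."""
    result = {}
    for name, seq in traces.items():
        mcav = ddca(fuse_signals(name, seq, profile, n)).get(name, 0.0)
        result[name] = (round(mcav, 4), mcav > mcav_threshold)
    return result


if __name__ == "__main__":
    prof = build_profile(BENIGN_TRACES)
    for name, (mcav, flagged) in classify(TEST_TRACES, prof).items():
        print(f"{name:10s} MCAV={mcav:.3f} {'MALICIOUS' if flagged else 'benign'}")
```

The mixed "injector" trace is the instructive case: with the published weights the safe signal counts twice as much as the danger signal, so four anomalous n-grams followed by two benign ones leave the cells' k at or below zero when they migrate, and the process scores an MCAV of one third, under the 0.5 decision threshold. Signal weighting, migration thresholds and the MCAV cut-off therefore directly trade false negatives against false positives, which is the quantity the paper evaluates.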

Key words: danger theory; deterministic dendritic cell algorithm; malicious code detection; API call sequence; detection rate

Journal of Central South University (Science and Technology)
  ISSN 1672-7207
CN 43-1426/N
ZDXZAC
Journal of Central South University (English edition)
  ISSN 2095-2899
CN 43-1516/TB
JCSTFT
Copyright: Editorial Office of the Journal of Central South University (Science and Technology; English edition)
Address: Central South University, Changsha, Hunan Province; postcode 410083
Tel: 0731-88879765 (Chinese edition), 88836963 (English edition); Fax: 0731-88877727
E-mail: zngdxb@csu.edu.cn; Hunan ICP licence no. 09001153