Windows malicious process detection method with path IRP (cited by 5)

Abstract: To address the problem that the I/O request packet (IRP) sequences produced by a program running in different environments of the same operating system are not fully identical, which affects detection results, a Windows malicious process detection method with path IRP was proposed. The IRP request sequence of each operation path was extracted separately, and detection was carried out with Naive Bayes, Bayesian networks, support vector machine, C4.5 decision tree and an improved artificial immune system (IAIS); the detection results of all methods under different feature selection algorithms were compared. The results show that the proposed path-IRP method is effective and feasible. Among all methods, Naive Bayes with Fisher score feature selection achieved the highest detection rate, 99.2%, outperforming the malicious process detection method based on IRP sequences.

Source: Journal of Shenyang University of Technology (沈阳工业大学学报), 2015, No. 4, pp. 434-439 (6 pages). Indexed in EI, CAS and the Peking University Core Journals list.

Funding: National Natural Science Foundation of China project (61402106).

Keywords: network and information security; intrusion detection; artificial immune system; malicious process detection; machine learning; feature selection; I/O request packet; dynamic analysis