
Malware detection method based on positive selection classification algorithm (cited by: 5)
Abstract: To address the growing harm caused by malware, especially persistent and stealthy unknown malware, a malware detection method based on the positive selection classification algorithm is proposed. The sample files are converted into hexadecimal format and all n-grams of the sample files are extracted. The term frequencies of the N n-grams with maximum information gain are calculated and normalized, and an improved positive selection classification algorithm is used to perform the classification. The method retains the high classification accuracy of the positive selection classification algorithm, optimizes the classifier training process, and improves the efficiency of training and detection. The results show that the detection performance of the method is superior to that of algorithms such as Naive Bayes, Bayesian networks, support vector machine and the C4.5 decision tree.
Source: Journal of Shenyang University of Technology (《沈阳工业大学学报》), indexed in EI, CAS and the Peking University Core Journals list, 2016, No. 2, pp. 206-210 (5 pages)
Funding: National Natural Science Foundation of China (61402106); Guangdong Province Education Science Planning Project (14JXN029)
Keywords: network and information security; intrusion detection; malware; malware detection; positive selection classification algorithm; machine learning; feature selection; static analysis