Abstract
To address the growing harm caused by malicious code, especially persistent and stealthy unknown malware, a malware detection method based on the positive selection classification algorithm is proposed. Sample files are converted into hexadecimal format, all n-grams of each sample are extracted, the term frequencies of the N n-grams with the largest information gain are computed and normalized, and an improved positive selection classification algorithm performs the classification. The method retains the high classification accuracy of the positive selection classification algorithm while optimizing the classifier training process and improving the efficiency of both training and detection. Results show that its detection performance is better than that of Naive Bayes, Bayesian networks, support vector machines and the C4.5 decision tree.
In order to solve the problem that the harm of malware, especially persistent and stealthy unknown malware, is becoming more serious, a malware detection method based on the positive selection classification algorithm was proposed. The sample files were converted into hexadecimal format, and all n-grams of the sample files were extracted. The word frequency of the N n-grams with the maximum information gain was calculated and normalized. The improved positive selection classification algorithm was used to perform the classification. The present method retains the high classification accuracy of the positive selection classification algorithm, optimizes the training process of the classifier, and improves the efficiency of training and detection. The results reveal that the detection performance of the present method is superior to that of algorithms such as Naive Bayes, Bayesian networks, support vector machines and the C4.5 decision tree.
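The feature-extraction front end the abstract describes (hex rendering, n-gram extraction, information-gain selection of the top N n-grams, normalized term frequencies), as an added example that is not the paper's own code. It assumes byte-level hex tokens, presence/absence of an n-gram as the binary feature scored by information gain, and L1 normalization of the frequency vector; the positive selection classifier itself is not shown because the abstract does not describe it.

```python
import math
from collections import Counter

# Constructed stand-ins for executables: label 1 = malicious, 0 = benign.
SAMPLES = [
    (b"\x4d\x5a\xde\xad\xbe\xef\xde\xad", 1),
    (b"\x4d\x5a\x00\xde\xad\xbe\xef", 1),
    (b"\x4d\x5a\x90\x00\x03\x00\x00", 0),
    (b"\x4d\x5a\x90\x00\x03\x00\x04", 0),
]

def hex_ngrams(data, n):
    """Render the file as hex and return all n-grams over its bytes (two hex digits per byte)."""
    tokens = [f"{b:02x}" for b in data]
    return ["".join(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]

def entropy(labels):
    total = len(labels)
    return -sum(c / total * math.log2(c / total) for c in Counter(labels).values())

def information_gain(presence, labels):
    """IG of a binary feature (n-gram present in a sample or not) with respect to the class label."""
    gain = entropy(labels)
    for value in (True, False):
        subset = [lab for p, lab in zip(presence, labels) if p == value]
        if subset:
            gain -= len(subset) / len(labels) * entropy(subset)
    return gain

def select_top_ngrams(samples, n, top_n):
    """Score every n-gram seen in the corpus by information gain and keep the best top_n."""
    labels = [lab for _, lab in samples]
    grams = [set(hex_ngrams(data, n)) for data, _ in samples]
    vocab = set().union(*grams)
    scored = [(information_gain([g in s for s in grams], labels), g) for g in vocab]
    scored.sort(key=lambda t: (-t[0], t[1]))  # highest gain first, name breaks ties
    return [g for _, g in scored[:top_n]]

def feature_vector(data, n, selected):
    """Term frequencies of the selected n-grams, normalized to sum to 1 (assumed L1 normalization)."""
    counts = Counter(hex_ngrams(data, n))
    raw = [counts[g] for g in selected]
    total = sum(raw)
    return [c / total for c in raw] if total else [0.0] * len(selected)

if __name__ == "__main__":
    chosen = select_top_ngrams(SAMPLES, 2, 4)
    for data, label in SAMPLES:
        print(label, feature_vector(data, 2, chosen))
```

On real corpora the vocabulary of all n-grams is very large, so the scoring step is the cost the paper's "optimized training process" is aimed at.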
Source
《沈阳工业大学学报》
EI
CAS
Peking University Core Journal
2016, No. 2, pp. 206-210 (5 pages)
Journal of Shenyang University of Technology
Funding
National Natural Science Foundation of China (61402106)
Guangdong Provincial Education Science Planning Project (14JXN029)
Keywords
network and information security
intrusion detection
malware
malware detection
positive selection classification algorithm
machine learning
feature selection
static analysis