
Research on Malware Detection Technology Based on System Call (cited by: 3)
Abstract: Different malware uses specific system call sequences to achieve the same functions. Based on this characteristic, a feature extraction method based on malware behavior sequences is given, and machine learning is used to detect malware. A system call sequence offers understandable function information and reflects actual execution conditions, both of which are useful for malware analysis. Malicious behavior information and characteristics can be readily found from the function information, and malware detection or classification can be realized by analyzing the whole or local information of the system call sequence. This paper proposes an approach to malware behavioral signature extraction and detection based on c-bow applied to system call sequences. A new concept, the system API calling characteristics set of malicious code, is given, using c-bow as the feature extraction method while considering both feature frequency and information gain, so that effective features are selected more accurately and detection performance improves. Further, a prototype system is evaluated on multiple malware samples. Experimental results show that the proposed method can effectively improve the detection rate and accuracy of malware detection.
Source: Journal of Information Security Research (《信息安全研究》), 2016, Issue 4, pp. 367-371 (5 pages)
Keywords: system call; machine learning; c-bow model; feature selection; information gain