Abstract
Using a gray-level co-occurrence matrix to characterize the texture features of gray-scale images of malware, this paper selects the six statistics with the greatest contribution in four different directions to construct a 24-dimensional malware texture feature vector, and applies the SimHash algorithm to generate a perceptual image hash of the malware from that vector. An efficient index structure for the perceptual image hashes is then built with a Bloom filter to reduce the constants of retrieval time and space complexity. In testing, the proposed method achieved a classification accuracy of over 94% on sample data of nearly 10,000 malware samples and their variants, and achieved real-time detection on ordinary PCs. The experimental results show that the proposed method for classifying malware at scale is both fast and accurate.
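The pipeline summarized in the abstract, as an added sketch that is not the authors' code: bytes become a gray-scale image, a co-occurrence matrix in four directions yields 6 statistics each (24 dimensions), and SimHash turns that vector into a 64-bit fingerprint compared by Hamming distance. The byte-to-pixel layout, the 16-level quantization, the particular six statistics, the unnormalized weights and the SHA-256 bit patterns are all assumptions; the Bloom-filter index is left out.

```python
import hashlib
import math

LEVELS = 16                                      # assumed quantization of the 256 gray levels
OFFSETS = [(0, 1), (-1, 1), (-1, 0), (-1, -1)]   # 0, 45, 90, 135 degrees at distance 1

def to_image(data: bytes, width: int = 32):
    """Treat each byte as one gray pixel, row-major (assumed layout)."""
    rows = len(data) // width
    return [[data[r * width + c] * LEVELS // 256 for c in range(width)] for r in range(rows)]

def glcm(img, dr, dc):
    """Normalized symmetric co-occurrence matrix for one offset, as a sparse dict."""
    counts, total = {}, 0
    for r in range(len(img)):
        for c in range(len(img[0])):
            r2, c2 = r + dr, c + dc
            if 0 <= r2 < len(img) and 0 <= c2 < len(img[0]):
                for pair in ((img[r][c], img[r2][c2]), (img[r2][c2], img[r][c])):
                    counts[pair] = counts.get(pair, 0) + 1
                    total += 1
    return {k: v / total for k, v in counts.items()}

def stats(p):
    """Six texture statistics; this particular choice of six is an assumption."""
    contrast = sum(v * (i - j) ** 2 for (i, j), v in p.items())
    dissimilarity = sum(v * abs(i - j) for (i, j), v in p.items())
    homogeneity = sum(v / (1 + (i - j) ** 2) for (i, j), v in p.items())
    energy = sum(v * v for v in p.values())
    entropy = -sum(v * math.log2(v) for v in p.values())
    return [contrast, dissimilarity, homogeneity, energy, entropy, max(p.values())]

def texture_vector(img):
    """Concatenate the six statistics over the four directions: 24 dimensions."""
    return [s for dr, dc in OFFSETS for s in stats(glcm(img, dr, dc))]

def simhash(vec, bits=64):
    """SimHash: each feature index has a fixed bit pattern, weighted by the feature value."""
    acc = [0.0] * bits
    for idx, w in enumerate(vec):
        h = int.from_bytes(hashlib.sha256(str(idx).encode()).digest()[:bits // 8], "big")
        for b in range(bits):
            acc[b] += w if (h >> b) & 1 else -w
    return sum(1 << b for b in range(bits) if acc[b] > 0)

def hamming(a, b):
    return bin(a ^ b).count("1")

# Constructed sample inputs (not real malware): a base byte pattern and a patched variant.
BASE = bytes((i * 7 + (i // 32) * 3) % 256 for i in range(1024))
VARIANT = BASE[:500] + bytes([0x90] * 8) + BASE[508:]
```

A sample would be assigned to a known family when `hamming(simhash(texture_vector(to_image(sample))), family_hash)` falls below a threshold tuned on labelled data; the threshold is not given in the abstract.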
Authors
YU Jian (余健); HUANG Ze-tan (黄泽坛) (College of Computer and Information Engineering, Hanshan Normal University, Chaozhou, Guangdong, 521041)
Source
Journal of Hanshan Normal University (《韩山师范学院学报》)
2019, No. 3, pp. 10-16 (7 pages)
Funding
2017 Guangdong Provincial Department of Education Innovative and Strong School Project (Project No. 2017KTSCX122)
Keywords
malware classification
gray-scale images
perceptual hashing
gray-level co-occurrence matrix
texture features