
Malicious Behavior Detection Method Based on Sequential Pattern Discovery (cited by: 3)
Abstract: To effectively prevent metamorphic viruses and newly emerging malware, a static malicious behavior detection method based on sequential pattern discovery is proposed. Malicious code is converted to assembly code and preprocessed; an Apriori-like algorithm performs sequential pattern discovery, normal patterns are removed, and the resulting pattern set can be used to detect unknown malicious code. Experimental results show that the method achieves a high accuracy rate and a low miss (false-negative) rate.

Abstract (authors' English version): To prevent metamorphic and new malware effectively, a static detection method based on data mining is proposed and its key techniques are discussed. Malware code is disassembled and preprocessed into sequential data; an Apriori-like algorithm is used to discover sequential patterns and remove normal patterns; the resulting pattern set can be used to detect unknown malware. Experimental results show that the method has a high accuracy rate and a low false positive rate.
Source: Computer Engineering (CAS; CSCD; Peking University Core Journal), 2011, No. 24: 1-3 (3 pages).
Funding: National Natural Science Foundation of China (60972161).
Keywords: malicious behavior detection; sequential pattern discovery; software behavior; assembly instruction; static detection
Related literature

References (8)

  • 1. Nwokedi I, Mathur A P. A Survey of Malware Detection Techniques[EB/OL]. (2007-02-02). http://www.cs.purdue.edu/homes/nidika/serc-tr286.pdf.
  • 2. Lee W, Stolfo S J, Chan P K. Learning Patterns from Unix Process Execution Traces for Intrusion Detection[C]//Proc. of AAAI'97 Workshop on AI Approaches to Fraud Detection and Risk Management. Providence, USA: [s. n.], 1997.
  • 3. Lee W, Stolfo S J. Data Mining Approaches for Intrusion Detection[C]//Proc. of the 7th USENIX Security Symposium. San Antonio, USA: [s. n.], 1998.
  • 4. Mihai C, Somesh J, Christopher K. Mining Specifications of Malicious Behavior[C]//Proc. of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering. Dubrovnik, Croatia: [s. n.], 2007.
  • 5. Matthew G S, Eleazar E, Erez Z. Data Mining Methods for Detection of New Malicious Executables[C]//Proc. of IEEE Symposium on Security and Privacy. Oakland, USA: IEEE Computer Society, 2001.
  • 6. Wang Lina, Tan Xiaobin, Pan Jianfeng, Xi Hongsheng. Application of the PrefixSpan Algorithm in Malicious Code Detection[J]. Computer Engineering, 2010, 36(7): 119-121 (in Chinese). Cited by: 3.
  • 7. Mila D, Mihai C, Somesh J. A Semantics-based Approach to Malware Detection[C]//Proc. of the 34th ACM Symposium on Principles of Programming Languages. Nice, France: ACM Press, 2007.
  • 8. Wang Cheng, Pang Jianmin, Zhao Rongcai, Wang Qiang. PE Virus Detection Method Based on Suspicious Behavior Identification[J]. Computer Engineering, 2009, 35(15): 132-134 (in Chinese). Cited by: 6.

Secondary references (10)

  • 1. Skoudis E, Zeltser L. Malware: Fighting Malicious Code[M]. [S.l.]: Prentice Hall, 2003.
  • 2. Kruegel C, Robertson W, Valeur F, et al. Static Disassembly of Obfuscated Binaries[D]. Santa Barbara, CA, USA: Reliable Software Group, Computer Science Department, University of California, 2004.
  • 3. Christodorescu M, Jha S. Static Analysis of Executables to Detect Malicious Patterns[C]//Proc. of the 12th USENIX Security Symposium. Berkeley, CA, USA: [s. n.], 2003.
  • 4. Kephart J, Arnold W. Automatic Extraction of Computer Virus Signatures[C]//Proc. of 1994 Int'l Conf. on Virus Bulletin. Abingdon, England, UK: [s. n.], 1994: 178-184.
  • 5. Mannila H, Toivonen H, Verkamo A I. Discovery of Frequent Episodes in Event Sequences[J]. Data Mining and Knowledge Discovery, 1997, 1(3): 259-289.
  • 6. Agrawal R, Srikant R. Mining Sequential Patterns[C]//Proc. of ICDE'95. Taipei, China: [s. n.], 1995: 3-14.
  • 7. Han Jiawei, Pei Jian, Mortazavi-Asl B. FreeSpan: Frequent Pattern-projected Sequential Pattern Mining[C]//Proc. of KDD'00. Boston, MA, USA: [s. n.], 2000: 355-359.
  • 8. Pei Jian, Han Jiawei, Pinto H, et al. PrefixSpan: Mining Sequential Patterns Efficiently by Prefix-projected Pattern Growth[C]//Proc. of ICDE'01. Heidelberg, Germany: [s. n.], 2001: 215-224.
  • 9. Agrawal R, Srikant R. Fast Algorithms for Mining Association Rules[C]//Proc. of VLDB'94. Santiago, Chile: [s. n.], 1994: 487-499.
  • 10. Dai Chao, Pang Jianmin, Zhao Rongcai. Disassembly of Malicious Code Using Conditional-jump Obfuscation[J]. Computer Engineering, 2008, 34(8): 153-155 (in Chinese). Cited by: 5.

Co-cited references (7)

Co-citing references (21; first 10 listed)

  • 1. Zhang Kun, Zhu Yangyong. A Sequential Pattern Mining Algorithm without Repeated Projected Database Scanning[J]. Journal of Computer Research and Development, 2007, 44(1): 126-132 (in Chinese). Cited by: 17.
  • 2. Wang Shuo, Zhou Jiliu, Peng Bo. Unknown Virus Detection Based on API Sequence Analysis and Support Vector Machine[J]. Journal of Computer Applications, 2007, 27(8): 1942-1943 (in Chinese). Cited by: 21.
  • 3. Rieck K, Trinius P, Willems C, Holz T. Automatic Analysis of Malware Behavior Using Machine Learning[J]. Journal of Computer Security, 2011(4).
  • 4. Cogswell B, Russinovich M. Rootkit Revealer[EB/OL]. http://www.microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.mspx.
  • 5. Schultz M G, Eskin E, Zadok E. Data Mining Methods for Detection of New Malicious Executables[C]//Proc. of IEEE Symposium on Security and Privacy. IEEE Computer Society, 2001: 38-49.
  • 6. Gong Tao. Research of Malware Detection Based on Data Mining[D]. Hefei: University of Science and Technology of China, 2012 (in Chinese).
  • 7. Rieck K. Learning and Classification of Malware Behavior[C]//Proc. of the 5th International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA 2008). Paris, France, 2008: 10-11.
  • 8. An Jing, Yang Yi-xian, Li Zhong-xian. Obfuscated Malicious Code Detection with Path Condition Analysis[J]. Journal of Hunan University (Natural Sciences), 2013, 0(9): 86-90 (in Chinese).
  • 9. Zhang Xiao-kang. Research of Malicious Code Detection Technology Based on Data Mining and Machine Learning[D]. Hefei: University of Science and Technology of China, 2009 (in Chinese).
  • 10. Zhu Yingying, Ye Mao, Liu Naiqi, Li Zheng, Zheng Kaiyuan. System Behavior Intrusion Detection Based on Windows Native API Sequences[J]. Computer Engineering and Applications, 2008, 44(18): 109-112 (in Chinese). Cited by: 2.

Citing literature (3)

Secondary citing literature (11)
