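Abstract
Based on statistical learning theory, a statistical analysis method for script viruses is proposed. Its main idea is to perform statistical analysis on the plaintext code of script virus samples to obtain the distribution probabilities of their keywords, together with additional statistical information, and then to use this knowledge to identify unknown network viruses. Experimental results show that the method achieves a high recognition rate for unknown network script viruses.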
Network script viruses account for a large percentage of current network viruses, and they are very hard to detect with traditional methods, especially mutated script viruses, because of their flexible programming format. Unknown network script viruses can barely be identified. In this paper, a recognition method for network script viruses based on statistical analysis is proposed. This method uses static analysis to identify the dangerous keywords of a script virus, and then monitors the executables at runtime to verify their virus features. The main idea of this technique is to analyze the plain text of the script virus, obtain statistical information on its dangerous keywords, and recognize the script virus using that knowledge. Experimental results show that this technique is highly effective in terms of recognition rate.
Source
《计算机学报》
EI
CSCD
PKU Core (Peking University Core Journals)
2006, Issue 6, pp. 969-975 (7 pages)
Chinese Journal of Computers
Funding
Supported by the National High Technology Research and Development Program of China ("863" Program) (2002AA142130)
Keywords
network virus
virus recognition
statistics
statistical analysis
feature detection