Abstract
This paper analyzes the main technical features of current techniques for evading traditional signature extraction and introduces the concept of malicious-code family correlation. Based on the similarity of the main-body function call graphs of different variants of the same malicious code, and on the fact that different malicious programs use common kernel functions to implement the same functionality, it presents a method for extracting malicious-code family signatures from the function call graph and the set of kernel function calls. The method matches and compares node-degree features of the function call graph and obtains function features by set operations. Experiments show that virus detection with this method has low false-negative and false-positive rates and is of positive significance for defending against unknown malicious code.
Technical features of the anti-detection methods used by malicious code are analyzed, and a new concept, the family correlation measure, is given. Based on the code function graph (CFG) similarity of different variants of the same malicious code and on the common kernel function calls shared by different malicious code, a new method for extracting and analyzing malicious-code characteristics from the CFG and the set of common kernel function calls is put forward. The method uses the nodes' degree characteristics in the CFG for matching and uses set operations to obtain function characteristics. Finally, the method is verified experimentally: the results show that the proposed method works in most detection cases and produces only minor errors under a few conditions. The method is of positive significance for the detection of unknown malicious code.
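To make the two ingredients of the abstract concrete, here is an added example (not the paper's code, and not its exact metrics) of how a family signature can be built from node-degree features of call graphs and from the intersection of kernel function call sets, and how an unknown sample is scored against it. The graphs, the `k_` prefix marking kernel/API functions, the choice of (in-degree, out-degree) multiset overlap, the containment ratio for kernel calls, their equal weighting and the 0.7 threshold are all assumptions made for this illustration.

```python
"""Family-correlation scoring from call-graph node degrees and kernel-call sets.

Illustrative example only: the graphs below are constructed, kernel functions
are marked by a 'k_' prefix (assumption), and the scoring formulas are
assumptions, not the paper's definitions.
"""
from collections import Counter

# Constructed call graphs: caller -> list of callees.
VARIANT_A = {
    "entry": ["init", "spread", "payload"],
    "init": ["k_GetModuleHandle", "k_GetProcAddress"],
    "spread": ["find_targets", "infect"],
    "find_targets": ["k_FindFirstFile", "k_FindNextFile"],
    "infect": ["k_CreateFile", "k_WriteFile", "k_CloseHandle"],
    "payload": ["k_RegSetValueEx"],
}
# Same structure as VARIANT_A with renamed internal functions and one junk
# function added: the kind of variant a byte signature would miss.
VARIANT_B = {
    "start": ["setup", "walk", "drop", "junk"],
    "setup": ["k_GetModuleHandle", "k_GetProcAddress"],
    "walk": ["scan", "write_back"],
    "scan": ["k_FindFirstFile", "k_FindNextFile"],
    "write_back": ["k_CreateFile", "k_WriteFile", "k_CloseHandle"],
    "drop": ["k_RegSetValueEx"],
    "junk": [],
}
# An unrelated program that happens to share a couple of file APIs.
BENIGN = {
    "main": ["parse_args", "run"],
    "parse_args": ["k_GetCommandLine"],
    "run": ["k_CreateFile", "k_ReadFile", "k_CloseHandle"],
}


def degree_signature(graph):
    """Multiset of (in_degree, out_degree) pairs over every node in the graph.

    Node names are ignored on purpose: renaming functions leaves the
    degree multiset unchanged, which is what makes it useful across variants.
    """
    indeg, outdeg = Counter(), Counter()
    nodes = set(graph)
    for caller, callees in graph.items():
        outdeg[caller] += len(callees)
        for callee in callees:
            indeg[callee] += 1
            nodes.add(callee)
    return Counter((indeg[n], outdeg[n]) for n in nodes)


def kernel_calls(graph):
    """Set of kernel-function names referenced anywhere in the graph."""
    return {c for callees in graph.values() for c in callees if c.startswith("k_")}


def multiset_overlap(a, b):
    """|a ∩ b| / |a ∪ b| on Counters (multiset Jaccard)."""
    union = sum((a | b).values())
    return sum((a & b).values()) / union if union else 0.0


def family_signature(variants):
    """Family feature: kernel calls common to all variants (set intersection)
    plus the degree signature of the first variant as the structural template."""
    common = set.intersection(*(kernel_calls(v) for v in variants))
    return {"kernel_calls": common, "degree": degree_signature(variants[0])}


def family_correlation(signature, sample):
    """Mean of the degree-multiset overlap and the fraction of the family's
    common kernel calls that the sample also makes (containment)."""
    structural = multiset_overlap(signature["degree"], degree_signature(sample))
    common = signature["kernel_calls"]
    functional = len(common & kernel_calls(sample)) / len(common) if common else 0.0
    return round((structural + functional) / 2, 3)


def is_family_member(signature, sample, threshold=0.7):
    """Detection decision; the threshold is an assumption for this example."""
    return family_correlation(signature, sample) >= threshold


if __name__ == "__main__":
    sig = family_signature([VARIANT_A, VARIANT_B])
    for name, g in [("A", VARIANT_A), ("B", VARIANT_B), ("benign", BENIGN)]:
        print(name, family_correlation(sig, g), is_family_member(sig, g))
```

Running the block scores variant B at about 0.906 against the family built from A and B, while the benign program scores about 0.325 despite sharing two file APIs, so only the variant is flagged. Extra junk functions and a different fan-out at the entry node lower the structural score only slightly, which is the robustness to variants that the abstract claims for degree-based matching.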
Source
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
Peking University Core Journal (北大核心)
2010, No. 4, pp. 46-49 (4 pages)
Journal of Huazhong University of Science and Technology(Natural Science Edition)
Funding
National Natural Science Foundation of China (10661007)
Natural Science Foundation of Jiangxi Province (2007GZS1054)
Youth Science Foundation of the Jiangxi Provincial Department of Education (GJJ10129)
Keywords
data security
viruses
feature extraction
malicious code
family
virus detection