A Malware Detection Model Based on Behavior Analysis and KNN Algorithm
DOI: 10.12677/CSA.2017.76060. Supported by research project funding.
Authors: Ma Chunbo (马春波), Zeng Kun (曾坤)*; School of Information and Communication, Guilin University of Electronic Technology, Guilin, Guangxi
Keywords: malware; behavior characteristic; KNN algorithm; detection model
Abstract: In order to solve the problem that traditional malware detection technology cannot deal with unknown malware, a malware detection model based on behavior analysis and the KNN algorithm is proposed. On the basis of summarized behavior characteristics of malware, the model adopts the information gain method to reduce the dimensionality of the behavior characteristics, utilizes a behavior extraction engine built on an open-source sandbox to analyze and extract the behavior characteristics of samples, and uses an improved KNN algorithm in the detection engine to detect malware. The experimental results demonstrate that the model has a good capability to detect unknown malware, and achieves a high detection rate and accuracy rate together with a low false positive rate.
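The following Python is an added illustration of the pipeline the abstract describes and is not code from the paper: it ranks binary sandbox behavior features by information gain, keeps the top-ranked ones, and classifies a query with a plain KNN over the kept features. The feature names and sample rows are constructed, and the paper's improvements to KNN are not reproduced.

```python
import math
from collections import Counter

# Constructed toy data set: one row per sandbox report, each a vector of binary
# behavior features (1 = behavior observed) plus a label (1 = malware, 0 = benign).
# The feature names and rows are hypothetical and not taken from the paper.
FEATURES = ["writes_autorun_key", "creates_remote_thread",
            "reads_clipboard", "opens_network_socket"]
SAMPLES = [
    ((1, 1, 0, 1), 1), ((1, 0, 1, 1), 1), ((1, 1, 1, 0), 1), ((0, 1, 0, 1), 1),
    ((0, 0, 1, 0), 0), ((0, 0, 0, 1), 0), ((0, 0, 1, 1), 0), ((1, 0, 0, 0), 0),
]


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(samples, idx):
    """Reduction in label entropy obtained by splitting on feature idx."""
    base = entropy([y for _, y in samples])
    conditional = 0.0
    for value in (0, 1):
        subset = [y for x, y in samples if x[idx] == value]
        if subset:
            conditional += len(subset) / len(samples) * entropy(subset)
    return base - conditional


def select_features(samples, k):
    """Indices of the k features with the highest information gain."""
    dim = len(samples[0][0])
    ranked = sorted(range(dim), key=lambda i: information_gain(samples, i), reverse=True)
    return ranked[:k]


def knn_predict(samples, selected, query, k=3):
    """Majority vote of the k training rows closest to query in Hamming
    distance, computed only over the selected feature indices."""
    def dist(row):
        return sum(row[i] != query[i] for i in selected)
    nearest = sorted(samples, key=lambda s: dist(s[0]))[:k]
    return Counter(y for _, y in nearest).most_common(1)[0][0]


if __name__ == "__main__":
    for i in select_features(SAMPLES, len(FEATURES)):
        print(f"{FEATURES[i]:24s} IG={information_gain(SAMPLES, i):.3f}")
    kept = select_features(SAMPLES, 2)
    print("kept:", [FEATURES[i] for i in kept])
    print("query classified as:", knn_predict(SAMPLES, kept, (1, 1, 0, 0)))
```

On this toy set the clipboard feature carries zero information gain and is dropped, which is the dimensionality reduction step the abstract refers to.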
Cite as: Ma, C. and Zeng, K. (2017) A Malware Detection Model Based on Behavior Analysis and KNN Algorithm. Computer Science and Application (计算机科学与应用), 7(6), 491-498. https://doi.org/10.12677/CSA.2017.76060
