
Malicious code detection based on reverse engineering

Published: 2021-06-19  Views: 236  Downloads: 42
Authors: JIANG Qianyu, WANG Fengying, JIA Lipeng
Affiliation: School of Computer Science and Technology, Shandong University of Technology
Abstract: Existing methods that detect malicious code from behavior information usually rely on graph matching or on pattern mining over application programming interface (API) call sequences, and both have limitations; for example, graph matching becomes increasingly complex as the number of malicious code samples grows. To improve detection accuracy, this paper proposes a malicious code detection method based on reverse engineering. API behavior sequences are extracted from sample behavior by reverse analysis. A behavior-matching module first screens each sample and assigns it to one of three regions: black (the sample is malicious), white (the sample is benign) or grey (the nature of the sample is undetermined). Samples in the grey region are passed to a detection module, which converts the sample's API call sequence into a Markov image via the state transition probability matrix of a Markov chain and classifies it with a convolutional neural network (CNN). The detection accuracy is 99.7%.
Key words: basic disciplines of computer science and technology; malicious code; reverse engineering; Markov images
Title: Malicious code detection based on reverse engineering
Author: JIANG Qianyu, WANG Fengying, JIA Lipeng
Organization: School of Computer Science and Technology, Shandong University of Technology
Abstract: Existing methods of detecting malicious code through behavior information usually adopt graph matching or application programming interface (API) call sequence pattern mining, both of which have limitations; graph matching, for instance, becomes more and more complex as the number of malicious code samples increases. In order to improve the detection accuracy of malicious code, a method of detecting malicious code based on reverse engineering is proposed. The API behavior sequence is extracted from the sample's behavior by reverse analysis, and a behavior-matching module is first used to screen the sample. Samples are divided into three regions, black, white and grey: the black region represents malicious programs, the white region represents normal programs, and the grey region represents samples whose nature is not yet determined. For samples in the grey region, a detection module is further applied: the sample's API call sequence is converted into a Markov image through the state transition probability matrix of a Markov chain, and a convolutional neural network (CNN) is used for detection. The detection accuracy is 99.7%.
Key words: basic subject of computer science and technology; malicious code; reverse engineering; Markov images
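The core transformation the abstract describes, an API call sequence turned into a state transition probability matrix and then into a greyscale "Markov image", as an added illustration (not code from the paper); the API vocabulary and sample sequences are constructed for the example, and the CNN stage is omitted.

```python
"""Build a 'Markov image' from an API call sequence: count transitions between
consecutive API calls, normalise each row into transition probabilities, then
scale the probabilities to 8-bit pixels so a CNN can consume an n x n image.
The vocabulary and sequences here are constructed for illustration."""
from typing import Dict, List, Sequence

# Constructed API vocabulary: each name is one Markov state, i.e. one row and
# one column of the image. A real pipeline would derive this from the traces.
API_VOCAB: List[str] = [
    "CreateFileW", "WriteFile", "RegSetValueExW", "CreateProcessW",
    "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread", "InternetOpenA",
]
INDEX: Dict[str, int] = {name: i for i, name in enumerate(API_VOCAB)}


def transition_matrix(seq: Sequence[str]) -> List[List[float]]:
    """Row-stochastic matrix P[i][j] = P(next call = j | current call = i).
    API names outside the vocabulary are skipped; a state that never has an
    outgoing transition keeps an all-zero row instead of dividing by zero."""
    n = len(API_VOCAB)
    counts = [[0] * n for _ in range(n)]
    ids = [INDEX[a] for a in seq if a in INDEX]
    for cur, nxt in zip(ids, ids[1:]):
        counts[cur][nxt] += 1
    matrix: List[List[float]] = []
    for row in counts:
        total = sum(row)
        matrix.append([c / total if total else 0.0 for c in row])
    return matrix


def markov_image(seq: Sequence[str]) -> List[List[int]]:
    """Scale each transition probability to a 0..255 greyscale pixel value."""
    return [[int(p * 255 + 0.5) for p in row] for row in transition_matrix(seq)]


# Constructed trace: a repeated allocate / write / remote-thread pattern.
SAMPLE_TRACE = [
    "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread",
    "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread",
]

if __name__ == "__main__":
    for name, row in zip(API_VOCAB, markov_image(SAMPLE_TRACE)):
        print(f"{name:20s}", row)
```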
Issue: 2021, No. 2 (June)
Citation: JIANG Qianyu, WANG Fengying, JIA Lipeng. Malicious code detection based on reverse engineering[J]. 中国科技论文在线精品论文 (Sciencepaper Online Selected Papers), 2021, 14(2): 148-159.