| 基于模糊识别和支持向量机的联合Rootkit动态检测技术研究 |
| |
| 引用本文: | 李鹏,王汝传,高德华.基于模糊识别和支持向量机的联合Rootkit动态检测技术研究[J].电子学报,2012,40(1):115-120. |
| |
| 作者姓名: | 李鹏 王汝传 高德华 |
| |
| 作者单位: | 1. 南京邮电大学计算机学院,江苏南京210003;江苏省无线传感网高技术研究重点实验室,江苏南京210003;宽带无线通信与传感网技术教育部重点实验室,江苏南京210003
2. 南京邮电大学计算机学院,江苏南京,210003 |
| |
| 基金项目: | 国家自然科学基金,江苏省科技支撑计划(工业)项目,省属高校自然科学研究重大项目,江苏省高校自然科学基础研究项目,高校科研成果产业化推进工程项目,江苏高校科技创新计划项目,江苏省六大高峰人才项目,教育部高等学校博士学科点专项科研基金,江苏省计算机信息处理技术重点实验室基金 |
| |
| 摘 要: | 针对Rootkit恶意代码动态检测技术进行研究.总结出典型Rootkit恶意程序动态行为所调用的系统API函数.实时统计API调用序列生成元并形成特征向量,通过模糊隶属函数和模糊权向量,采用加权平均法得到模糊识别的评估结果;基于层次的多属性支持向量机分析法构建子任务;基于各个动态行为属性的汉明距离定位Rootkit的类型.提出的动态检测技术提高了自动检测Rootkit的准确率,也可以用于检测未知类型恶意代码.
|
| 关 键 词: | 网络安全 恶意代码 模糊识别 支持向量机 API系统调用 |
| 收稿时间: | 2011-04-19 |
Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology |
| |
| LI Peng,WANG Ru-chuan,GAO De-hua.Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology[J].Acta Electronica Sinica,2012,40(1):115-120. |
| |
| Authors: | LI Peng WANG Ru-chuan GAO De-hua |
| |
| Affiliation: | 1(1.College of Computer,Nanjing University of Posts and Telecommunications,Nanjing,Jiangsu 210003,China;2.Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks,Jiangsu Province,Nanjing,Jiangsu 210003,China;3.Key Lab of Broadband Wireless Communication and Sensor Network Technology(Nanjing University of Posts and Telecommunications),Ministry of Education,Jiangsu Province,Nanjing,Jiangsu 210003,China) |
| |
| Abstract: | Dynamic detection technology of Rootkit malicious code has been studied.It summarizes typical dynamic system API functions which are called by Rootkit malicious codes.It extracts behavioural characters of the typical system API functional series accompany with the running of malicious code,forms feature vectors by counting up the generating elements important degree of system call series,uses fuzzy membership function and normalization fuzzy weights vector,and comes to the fuzzy pattern recognition conclusion with the use of weighted averaging method.It exactly locates the types of Rootkit malicious code based on the analysis method of layered multi-attributes support virtual machine,according to the subtasks constructed by the independent API system call behaviours,and with the calculation of hamming distance of dynamic behaviour properties.Experiments indicates the proposed dynamic detection method of combining fuzzy pattern recognition with support virtual machine technology not only improves the accuracy rate of Rootkit automatic detection but also has the ability of detecting the previous unknown type malicious code. |
| |
| Keywords: | network security malicious code fuzzy pattern recognition support virtual machine application programming interface system call |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《电子学报》浏览原始摘要信息 |
|
点击此处可从《电子学报》下载全文 |
|
