| 基于PE静态结构特征的恶意软件检测方法 |
| |
| 引用本文: | 白金荣,王俊峰,赵宗渠.基于PE静态结构特征的恶意软件检测方法[J].计算机科学,2013,40(1):122-126. |
| |
| 作者姓名: | 白金荣 王俊峰 赵宗渠 |
| |
| 作者单位: | (四川大学计算机学院 成都610065);(云南玉溪师范学院信息技术工程学院 玉溪653100) |
| |
| 基金项目: | 国家“863”计划基金项目(2008AA01Z208);四川省青年基金(09ZQ026-028)资助 |
| |
| 摘 要: | 针对现有检测方法的不足,提出了一种通过挖掘PE文件结构信息来检测恶意软件的方法,并用最新的PE格式恶意软件进行了实验。结果显示,该方法以99.1%的准确率检测已知和未知的恶意软件,评价的重要指标AUC值是0.998,已非常接近最优值1,高于现有的静态检测方法。同时,与其他方法相比,该检测方法的处理时间和系统开销也是较少的,对采用加壳和混淆技术的恶意软件也保持稳定有效,已达到了实时部署使用要求。此外,现有的基于数据挖掘的检测方法在特征选择时存在过度拟合数据的情况,而该方法在这方面具有较强的鲁棒性。
|
| 关 键 词: | 恶意软件检测 结构特征 数据挖掘 PE |
Malware Detection Approach Based on Structural Feature of PE File |
| |
| BAI Jin-rong,WANG Jun-feng,ZHAO Zong-qu.Malware Detection Approach Based on Structural Feature of PE File[J].Computer Science,2013,40(1):122-126. |
| |
| Authors: | BAI Jin-rong WANG Jun-feng ZHAO Zong-qu |
| |
| Affiliation: | 1 (College of Computer Science and Technology,Sicuan University,Chengdu 610065,China)1(School of Information Technology and Engineering,Yuxi Normal University,Yuxi 653100,China)2 |
| |
| Abstract: | In order to solve the problems existing in malware detection, we proposed a novel malware detection approach by mining structural features of PE (Portable Executable) files and conducted the against recent Win32 malwares. Experimental results indicate that the accuracy of our method is 99. 1% and the value of the AUC is 0. 998 which is close to 1(The AUC value of the best possible classifier) and better than that of other static approaches. Compared with other static approaches, our method achieves higher detection accuracy with less detection time, is hard to evade by malware which applies the obfuscation and packing technique, and is real-time deployable. Most malware detection approaches using data mining may overfit experimental data in feature selection, but our experiments show that our method overcomes this problem. |
| |
| Keywords: | Malware detection Structural features Data mining PE |
| 本文献已被 CNKI 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
