| 软件结构属性分析与恶意软件检测 |
| |
| 引用本文: | 程斌林,傅建明,许静.软件结构属性分析与恶意软件检测[J].武汉大学学报(理学版),2010,56(2). |
| |
| 作者姓名: | 程斌林 傅建明 许静 |
| |
| 作者单位: | 1. 武汉大学,计算机学院,湖北,武汉,430072
2. 武汉大学,计算机学院,湖北,武汉,430072;武汉大学,空天信息安全与可信计算教育部重点实验室,湖北,武汉,430072;武汉大学,软件工程国家重点实验室,湖北,武汉,430072 |
| |
| 基金项目: | 国家重点基础研究发展计划(973)项目(2007CB310800); 国家高技术研究发展计划(863)项目(2007AA01Z411); 国家自然科学基金(90718005,90718006)资助项目 |
| |
| 摘 要: | 任何可执行文件都必须满足一定的结构特征.本文以Windows平台下的PE文件为研究对象,从PE头、节头、节代码出发,给出了17个结构特征;针对给定正常软件和各类恶意软件,获得了这些属性取值分布特征;采用多类数据挖掘分类技术获得了正常软件与恶意软件的判定规则.实验结果表明,C5.0的分类算法检测准确性最好,达到94.16%.这些规则可以为软件可信性度量提供依据.
|
| 关 键 词: | 可信软件 恶意软件 结构完整性 数据挖掘 |
Analyzing of Software Structural Features and Malware Detection |
| |
| CHENG Binlin,FU Jianming,XU Jing.Analyzing of Software Structural Features and Malware Detection[J].JOurnal of Wuhan University:Natural Science Edition,2010,56(2). |
| |
| Authors: | CHENG Binlin FU Jianming XU Jing |
| |
| Institution: | CHENG Binlin1,FU Jianming1,2,3,XU Jing1(1.School of Computer,Wuhan University,Wuhan 430072,Hubei,China,2.Key Laboratory of Aerospace Information Security , Trusted Computing ofMinistry of Education,3.State Key Laboratory of Software Engineering,China) |
| |
| Abstract: | Every executive binary has a well-defined structure.On the basis of PE under Windows,seventeen structural features are given;values ranges are gained from different kinds of software: benign software and kinds of malware.And then the detection rules between benign software and malware are discovered by using several kinds of mining algorithm,among of which the C5.0 algorithm has the best accuracy,which is 94.16%.Also,this detection rules can be used to measure the trust of software. |
| |
| Keywords: | trusted software malware structural integrity data mining |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
