Chinese Journal of Network and Information Security, 2017, Vol. 3, Issue 7: 25-32. doi: 10.11959/j.issn.2096-109x.2017.00179
Dong ZHANG, Yao ZHANG, Gang LIU, Gui-xiang SONG
Revised: 2017-07-02
Online: 2017-07-01
Published: 2017-08-01
Author biographies:
Dong ZHANG (born 1974), male, from Weihai, Shandong; senior engineer at Inspur Electronic Information Industry Co., Ltd.; main research interest: system software security.
Yao ZHANG (born 1988), male, from Xiangyang, Hubei; Ph.D.; researcher at Inspur Electronic Information Industry Co., Ltd.; main research interests: network security, host system security and applied cryptography.
Gang LIU (born 1979), male, from Deyang, Sichuan; M.S.; engineer at Inspur Electronic Information Industry Co., Ltd.; main research interests: operating system security, trusted computing and cloud security.
Gui-xiang SONG (born 1978), female, from Yuncheng, Shandong; engineer at Inspur Electronic Information Industry Co., Ltd.; main research interest: security testing and evaluation.
Abstract:
This paper surveys the mainstream technical approaches to host malicious code detection based on machine learning algorithms. It discusses detection schemes under the two analysis modes, static and dynamic, covering the key points of malicious code sample collection, feature extraction and selection, and the construction of classification models with machine learning algorithms. It then organizes the future work and open challenges of machine learning based malicious code detection, providing an important reference for the design and optimization of next-generation malicious code detection techniques.
Dong ZHANG, Yao ZHANG, Gang LIU, Gui-xiang SONG. Research on host malcode detection using machine learning[J]. Chinese Journal of Network and Information Security, 2017, 3(7): 25-32.