基于程序基因的恶意程序预测技术

doi:10.11959/j.issn.2096-109x.2018069

Abstract

Abstract:

With the development of Internet technology,malicious programs have risen explosively.In the face of executable files without source,the current mainstream malware detection uses feature detection based on similarity,with lack of analysis of malicious sources.To resolve this status,the definition of program gene was raised,a generic method of extracting program gene was designed,and a malicious program prediction method was proposed based on program gene.Utilizing machine learning and deep-learning algorithms,the forecasting system has good prediction ability,with the accuracy rate of 99.3% in the deep-learning model,which validates the role of program gene theory in the field of malicious program analysis.

Key words: program gene, dynamic analysis, basic block, malware prediction

CLC Number:

TP309.5

Da XIAO,Bohan LIU,Baojiang CUI,Xiaochen WANG,Suoxing ZHANG. Malware prediction technique based on program gene[J]. Chinese Journal of Network and Information Security, 2018, 4(8): 21-30.

Figures/Tables 12

References 11

[12]	LIU K , ZHENG T , WEI L . A software birthmark based on system call and program data dependence[C]// Web Information System and Application Conference. IEEE, 2015: 105-110.
[13]	韩金, 单征, 赵炳麟 ,等. 基于软件基因的 Android 恶意软件检测与分类[J]. 计算机应用研究, 2019(6).
	HAN J , SHAN Z , ZHAO B L ,et al. Detection and classification of Android malware based on malware gene[J]. Application Research of Computers, 2019(6).
[14]	赵晶玲, 陈石磊, 曹梦晨 ,等. 基于离线汇编指令流分析的恶意程序算法识别技术[J]. 清华大学学报(自然科学版), 2016(5): 484-492.
	ZHAO J L , CHEN S L , CAO M C ,et al. Malware algorithm recognition based on offline instruction-flow analyse[J]. Journal of Tsinghua University(Science and Technology), 2016(5): 484-492.
[15]	陈晨 . 基于操作码行为深度学习的恶意代码检测方法[D]. 黑龙江:哈尔滨工业大学, 2013.
	CHEN C . Malicious code detection based on opcode behavior deep learning[D]. Heilongjiang:Harbin Institute of Technology, 2013.
[16]	BERRAR D , DUBITZKY W . Information gain[M]. Springer New York, 2013.
[17]	RONG X . Word2vec parameter learning explained[J]. Computer Science, 2014.
[18]	MIKOLOV T , CHEN K , CORRADO G ,et al. Efficient estimation of word representations in vector space[J]. Computer Science, 2013.
[19]	MIKOLOV T , SUTSKEVER I , CHEN K ,et al. Distributed Representations of Words and Phrases and their Compositionality[J].NIPS'13 Proceedings of the 26th International Conference on Neural Information Processing Systems, 2013. 3111-3119.
[20]	周志华 . 机器学习:= Machine learning[M]. 北京: 清华大学出版社, 2016.
	ZHOU Z H . Machine learning[M]. Beijing: Tsinghua University PressPress, 2016.
[21]	CHUA L O , ROSKA T . CNN paradigm[J]. IEEE Transactions on Circuits ＆ Systems I Fundamental Theory ＆ Applications, 1993,40(3): 147-156.
[1]	2017 年度互联网安全报告[EB/OL]. .
	2017 Internet security report[EB/OL]. .
[2]	阮斌 . 《2017年中国网络安全报告》发布[J]. 计算机与网络, 2018(5).
	RUAN B . 2017 China cyber security report released[J]. Computer＆ Network, 2018(5).
[3]	SANTOS I , BREZO F , NIEVES J ,et al. Idea:opcode- sequence-based malware detection[C]// International Conference on Engineering Secure Software and Systems. Springer-Verlag, 2010: 35-43.
[4]	孙博文, 黄炎裔, 温俏琨 ,等. 基于静态多特征融合的恶意软件分类方法[J]. 网络与信息安全学报, 2017,3(11): 68-76.
	SUN B W , HUANG Y Y , WEN Q K ,et al. Malware classification method based on static multiple-feature fusion[J]. Chinese Journal of Network and Information Security, 2017,3(11): 68-76.
[5]	白金荣, 王俊峰, 赵宗渠 . 基于 PE 静态结构特征的恶意软件检测方法[J]. 计算机科学, 2013,40(01): 122-126.
	BAI J R , WANG J F , ZHAO Z Q . Malware detection approach based on structural feature of PE file[J]. Computer Science, 2013,40(01): 122-126.
[6]	QEMU[EB/OL]. .
[7]	Pin-a dynamic binary instrumentation tool[EB/OL]. .
[8]	曹梦晨 . 基于沙箱指令流快照的恶意程序智能识别技术研究[D]. 北京邮电大学, 2017.
	CAO M C , . Research on malware intelligent recognition technology based on sandbox instruction flow snapshot[D]// Beijing University of Posts and Telecommunications, 2017.
[9]	LI H J , TIEN C W , TIEN C W ,et al. AOS:An optimized sandbox method used in behavior-based malware detection[C]// International Conference on Machine Learning and Cybernetics. IEEE, 2011: 404-409.
[10]	FIRDAUSI I , LIM C , ERWIN A ,et al. Analysis of machine learning techniques used in behavior-based malware detection[C]// Second International Conference on Advances in Computing,Control and Telecommunication Technologies. 2010: 201-203.
[11]	CHAN P P F , HUI L C K , YIU S M . Dynamic software birthmark for java based on heap memory analysis[M]// Communications and Multimedia Security. Springer Berlin Heidelberg, 2011: 94-107.

Metrics

Recommended 0

No Suggested Reading articles found!

样本来源		检测结果
样本来源	恶意样本		非恶意样本
恶意样本	TP		FN
非恶意样本	FP		TN

模型	准确率	精确率	召回率	F₁分数
SVM	0.865	0.880	0.930	0.905
朴素贝叶斯	0.860	0.873	0.931	0.901
随机森林	0.899	0.936	0.915	0.925
决策树	0.895	0.925	0.923	0.923
K近邻	0.904	0.931	0.929	0.930
逻辑回归	0.874	0.893	0.929	0.910

模型	准确率	精确率	召回率	F₁分数
SVM	0.898	0.897	0.970	0.932
朴素贝叶斯	0.720	0.868	0.821	0.852
随机森林	0.886	0.920	0.922	0.921
决策树	0.870	0.906	0.914	0.910
K近邻	0.894	0.910	0.946	0.928
逻辑回归	0.896	0.913	0.947	0.930

模型	准确率	精确率	召回率	F₁分数
SVM	0.913	0.999	0.834	0.910
朴素贝叶斯	0.907	0.979	0.841	0.905
随机森林	0.921	0.943	0.886	0.914
决策树	0.915	0.980	0.838	0.912
K近邻	0.915	0.999	0.839	0.912
逻辑回归	0.915	0.961	0.836	0.911

模型	准确率	精确率	召回率	F₁分数
SVM	0.844	0.940	0.752	0.836
朴素贝叶斯	0.806	0.864	0.872	0.868
随机森林	0.931	0.923	0.947	0.935
决策树	0.910	0.873	0.954	0.912
K近邻	0.916	0.893	0.954	0.922
逻辑回归	0.848	0.917	0.780	0.843

Malware prediction technique based on program gene

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 11

Related Articles 4

Metrics

Recommended 0

[1]	Dong ZHANG,Yao ZHANG,Gang LIU,Gui-xiang SONG. Research on host malcode detection using machine learning [J]. Chinese Journal of Network and Information Security, 2017, 3(7): 25-32.
[2]	Yi-lin YE,Zhen-ji ZHOU,Zheng HONG,Hui-ying YAN,Li-fa WU. Static-analysis-based event input generation approach for Android application [J]. Chinese Journal of Network and Information Security, 2017, 3(6): 21-32.
[3]	Yue-xiu XING,Ai-qun HU,Yong-jian WANG,Ran ZHAO. Research on multi-dimensional iOS privacy disclosure evaluation model [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 73-79.
[4]	Jia CHEN,Shan-qing1 GUO. Toward discovering and exploiting private server-side Web API [J]. Chinese Journal of Network and Information Security, 2016, 2(12): 27-38.

n	准确率
n=1	0.939
n=2	0.993
n=3	0.907
n=4	0.916