恶意代码检测研究前沿与发展趋势的计量分析
|
摘要
主要应用CiteSpace可视化工具,以近16年在恶意代码检测领域的CNKI中文期刊数据和WOS数据为研究对象,基于文献计量内容分析方法系统地回顾了国内外在恶意代码检测领域的关注点、研究脉络的发展规律、存在的共性与差异性和研究现状。通过对比国内外恶意代码检测的研究进展,可以发现目前恶意代码检测的研究处于增长阶段,并且研究主要关注领域为手机客户端和WEB应用安全等。同时,恶意代码检测研究目前存在的典型问题也暴露出来。展望了恶意代码检测研究可能的发展方向,为国内相关的研究提供参考。
In this paper, the bibliometric analysis method is used to systematically review the research concerns of malicious code detection at home and abroad, as well as the development law of research context, the existing commonalities and differences and research status in this field, by mainly using CiteSpace visualization tool to analyze the CNKI Chinese Journal data and WOS data for nearly 16 years in the field of malicious code detection. Through comparing the research progress of malicious code detection at home and abroad, it can be found that the current research on malicious code detection is at a high growth stage, and the research focuses on mobile client and WEB application security. At the same time, the typical problems existing in current malicious code detection research are also exposed. Finally, the possible directions of development for malicious code detection research are predicted in the conclusion of this article, which can provide a reference for the research of malicious code detection in China.
In this paper, the bibliometric analysis method is used to systematically review the research concerns of malicious code detection at home and abroad, as well as the development law of research context, the existing commonalities and differences and research status in this field, by mainly using CiteSpace visualization tool to analyze the CNKI Chinese Journal data and WOS data for nearly 16 years in the field of malicious code detection. Through comparing the research progress of malicious code detection at home and abroad, it can be found that the current research on malicious code detection is at a high growth stage, and the research focuses on mobile client and WEB application security. At the same time, the typical problems existing in current malicious code detection research are also exposed. Finally, the possible directions of development for malicious code detection research are predicted in the conclusion of this article, which can provide a reference for the research of malicious code detection in China.
引文
[1]Symantec.Internet security threat report[EB/OL].(2015).https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf.
[2]Kaspersky Security Bulletin 2015.Overall statistics for 2015[EB/OL].(2015).https://securelist.com/kaspersky-security-bulletin-2015-overall-statistics-for-2015/73038/.
[3]Mobile malware evolution 2016.[EB/OL].(2016).https://securelist.com/mobile-malware-evolution-2016/77681.
[4]Symantec security response[EB/OL].https://www.symantec.com/connect/zh-hans/blogs/petya-0.
[5]安源,张玲.文献计量学在我国图书情报领域的应用研究进展综述磁[J].图书馆,2014(5):63-68.
[6]薛朋强.面向网络不良信息的知识图谱构建方法研究[D].乌鲁木齐:新疆大学,2017.
[7]Kim M C,Zhu Y,Chen C.How are they different?Aquantitative domain comparison of information visualization and data visualization(2000-2014)[J].Scientometrics,2016,107(1):123-165.
[8]林玲,陈福集.基于CiteSpace的国内网络舆情研究知识图谱分析[J].情报科学,2017,35(2):119-125.
[9]Malicious code definition[EB/OL].https://baike.baidu.com/item/恶意代码?fr=aladdin.
[10]Malicious code definition[EB/OL].http://wiki.mbalib.com/wiki/恶意代码.
[11]Chen C M.CiteSpace II:detecting and visualizing emerging trends and transient patterns in scientific literature[J].Journal of the American Society for Information Science and Technology,2006,57(3):359-377.
[12]王曰芬.文献计量法与内容分析法的综合研究[D].南京:南京理工大学,2007.
[13]Christodorescu M,Jha S,Seshia S A,et al.Semanticsaware malware detection[C]//IEEE Symposium on Security&Privacy,2005:32-46.
[14]Willems C,Holz T,Freiling F.Toward automated dynamic malware analysis using CWSandbox[J].IEEE Security&Privacy,2007,5(2):32-39.
[15]Kolter J Z,Maloof M A.Learning to detect and classify malicious executables in the wild[J].Journal of Machine Learning Research,2006,7(4):2721-2744.
[16]Zhou Y,Jiang X.Dissecting Android malware:characterization and evolution[C]//IEEE Symposium on Security and Privacy,2012:95-109.
[17]林擎宇,凌捷.基于应用分类和系统调用的Android恶意程序检测[J].计算机工程与应用,2017,53(19):109-113.
[18]刘艳.会议论文重要性的量化研究--以计算机学科之中间层设计领域为例[J].图书馆工作与研究,2017(2):74-77.
[19]程运安,汪奕祥.基于多特征的Android恶意软件检测方法[J].计算机工程与应用,2017,53(8):95-101.
[20]张慧琳,邹维,韩心慧.网页木马机理与防御技术[J].软件学报,2013,24(4):843-858.
[21]杨欢,张玉清,胡予濮,等.基于多类特征的Android应用恶意行为检测系统[J].计算机学报,2014,37(1):15-27.
[22]Han K S,Lim J H,Kang B,et al.Malware analysis using visualized images and entropy graphs[J].International Journal of Information Security,2015,14(1):1-14.
[23]Brown F,Narayan S,Wahby R S,et al.Finding and preventing bugs in JavaScript bindings[C]//IEEE Symposium on Security and Privacy,2017:559-578.
[24]马洪亮,王伟,韩臻.混淆恶意JavaScript代码的检测与反混淆方法研究[J].计算机学报,2017,40(7):1699-1713.
[25]毛蔚轩,蔡忠闽,童力.一种基于主动学习的恶意代码检测方法[J].软件学报,2017,28(2):384-397.
[26]诸葛建伟,唐勇,韩心慧,等.蜜罐技术研究与应用进展[J].软件学报,2013,24(4):825-842.
[27]Papadopoulos H,Georgiou N,Eliades C,et al.Android malware detection with unbiased confidence guarantees[J].Neurocomputing,2017:1-10.
[28]郑忠伟,欧毓毅.基于图模式与内存足迹的Android恶意应用与行为检测[J].计算机应用研究,2017,34(12):3762-3766.
[2]Kaspersky Security Bulletin 2015.Overall statistics for 2015[EB/OL].(2015).https://securelist.com/kaspersky-security-bulletin-2015-overall-statistics-for-2015/73038/.
[3]Mobile malware evolution 2016.[EB/OL].(2016).https://securelist.com/mobile-malware-evolution-2016/77681.
[4]Symantec security response[EB/OL].https://www.symantec.com/connect/zh-hans/blogs/petya-0.
[5]安源,张玲.文献计量学在我国图书情报领域的应用研究进展综述磁[J].图书馆,2014(5):63-68.
[6]薛朋强.面向网络不良信息的知识图谱构建方法研究[D].乌鲁木齐:新疆大学,2017.
[7]Kim M C,Zhu Y,Chen C.How are they different?Aquantitative domain comparison of information visualization and data visualization(2000-2014)[J].Scientometrics,2016,107(1):123-165.
[8]林玲,陈福集.基于CiteSpace的国内网络舆情研究知识图谱分析[J].情报科学,2017,35(2):119-125.
[9]Malicious code definition[EB/OL].https://baike.baidu.com/item/恶意代码?fr=aladdin.
[10]Malicious code definition[EB/OL].http://wiki.mbalib.com/wiki/恶意代码.
[11]Chen C M.CiteSpace II:detecting and visualizing emerging trends and transient patterns in scientific literature[J].Journal of the American Society for Information Science and Technology,2006,57(3):359-377.
[12]王曰芬.文献计量法与内容分析法的综合研究[D].南京:南京理工大学,2007.
[13]Christodorescu M,Jha S,Seshia S A,et al.Semanticsaware malware detection[C]//IEEE Symposium on Security&Privacy,2005:32-46.
[14]Willems C,Holz T,Freiling F.Toward automated dynamic malware analysis using CWSandbox[J].IEEE Security&Privacy,2007,5(2):32-39.
[15]Kolter J Z,Maloof M A.Learning to detect and classify malicious executables in the wild[J].Journal of Machine Learning Research,2006,7(4):2721-2744.
[16]Zhou Y,Jiang X.Dissecting Android malware:characterization and evolution[C]//IEEE Symposium on Security and Privacy,2012:95-109.
[17]林擎宇,凌捷.基于应用分类和系统调用的Android恶意程序检测[J].计算机工程与应用,2017,53(19):109-113.
[18]刘艳.会议论文重要性的量化研究--以计算机学科之中间层设计领域为例[J].图书馆工作与研究,2017(2):74-77.
[19]程运安,汪奕祥.基于多特征的Android恶意软件检测方法[J].计算机工程与应用,2017,53(8):95-101.
[20]张慧琳,邹维,韩心慧.网页木马机理与防御技术[J].软件学报,2013,24(4):843-858.
[21]杨欢,张玉清,胡予濮,等.基于多类特征的Android应用恶意行为检测系统[J].计算机学报,2014,37(1):15-27.
[22]Han K S,Lim J H,Kang B,et al.Malware analysis using visualized images and entropy graphs[J].International Journal of Information Security,2015,14(1):1-14.
[23]Brown F,Narayan S,Wahby R S,et al.Finding and preventing bugs in JavaScript bindings[C]//IEEE Symposium on Security and Privacy,2017:559-578.
[24]马洪亮,王伟,韩臻.混淆恶意JavaScript代码的检测与反混淆方法研究[J].计算机学报,2017,40(7):1699-1713.
[25]毛蔚轩,蔡忠闽,童力.一种基于主动学习的恶意代码检测方法[J].软件学报,2017,28(2):384-397.
[26]诸葛建伟,唐勇,韩心慧,等.蜜罐技术研究与应用进展[J].软件学报,2013,24(4):825-842.
[27]Papadopoulos H,Georgiou N,Eliades C,et al.Android malware detection with unbiased confidence guarantees[J].Neurocomputing,2017:1-10.
[28]郑忠伟,欧毓毅.基于图模式与内存足迹的Android恶意应用与行为检测[J].计算机应用研究,2017,34(12):3762-3766.