Testing a Malware Detection Method Based on Texture Features
  • English title: Malware Detection Method Based on Texture Feature
  • Authors: 汪应龙; 黄祖源; 刘爱莲; 李川
  • Authors (English): WANG Yinglong; HUANG Zuyuan; LIU Ailian; LI Chuan; Kunming University of Science and Technology; Yunnan Power Grid Co., Ltd.
  • Keywords: malware detection; visualization algorithm; texture feature; feature matching
  • Journal code (Chinese): YDTX
  • Journal name (English): Mobile Communications
  • Institutions: Kunming University of Science and Technology; Yunnan Power Grid Co., Ltd.
  • Publication date: 2017-07-15
  • Publisher: 移动通信 (Mobile Communications)
  • Year: 2017
  • Issue: v.41; No.443
  • Language: Chinese
  • Page: YDTX201713012
  • Number of pages: 4
  • CN: 13
  • ISSN: 44-1301/TN
  • Classification number: 51-54
Abstract
To effectively avoid the damage that malware causes to network and information security, this paper studies malware detection methods. Building on the theory of malware visualization, it proposes a malware detection method based on texture features: a visualization algorithm renders the malware binary visually, that is, maps it to a gray-scale image; the texture features of that image are then extracted and matched against the features in a malware corpus, and the detection result is output. Finally, a practical detection experiment was carried out on the 5 most frequently occurring types of malware captured by the security department of a certain company. The experimental results show that the texture-feature-based malware detection method is highly practical and classifies malware fairly precisely.
