well-known that signature-based schemes are unable to
detect zero-day viruses. During the period between the
appearance of a new virus and the update of the signature set,
millions of computers are vulnerable to the new virus.
Considering the defects of the traditional detection method,
many researchers have dedicated themselves to finding more
general virus features which can be used to detect zero-day
viruses. Recently, machine learning methods, such as
classification algorithms, were employed to automate and
extend the idea of traditional methods. In these methods,
classifiers are applied to learn patterns in the binary code
files in order to classify unknown files. A classifier is a
rule set that is learnt from a given training set, which
includes examples of both malicious and benign files.
More and more researchers have come to regard software
systems as a kind of artificial complex network, and they
have suggested that graph theory and complex systems methods
should be applied to the study of software's structure and
behavior [1]. In this paper, a new detection method based on
graph features is proposed. The features are extracted from
the control flow graph, which is created from the functions
and their relations in the structure of the software.
Compared with other feature methods, our method takes
advantage of the inner structure of software.
We design a virus detection model to validate our method,
which uses novel features to efficiently detect malicious PE
files [2]. We have evaluated our proposed model on the VX
Heavens Virus collection [3]. We also collected more than
two thousand benign PE files from our virology lab, which
we use in conjunction with the virus dataset in our study. In
these experiments we compared different classification
methods. In our experiments, we were able to achieve a
detection rate as high as 95.9% and a false positive rate as
low as 5.9% on novel viruses.
The paper is structured as follows. Section 2 discusses
related work. Section 3 introduces the model architecture as
well as the system of features. The evaluation methodology,
the results and their discussion are presented in Section 4,
and we conclude in Section 5.