THE ARCHITECTURE OF MODEL
Modern software engineering theory regards the topology of a
program's inner structure as a network, which can be
represented by a graph. A model based on graph features has
to resolve three key questions: Which structural graph should
be chosen to analyze the behavior of software? How can a
system of features be established that evaluates the
characteristics of the graph? Which classifiers suit this kind
of method? We answer these questions in the following
introduction to the model and in the experimental discussion.
A function is a sequence of code that is independent within
the program; it can be regarded as the basic building block of
the program and carries out a specific task. In any program, a
function can both call and be called by other functions. It is
in fact a fairly simple task to construct a graph that displays
the relations between callers and callees. Such a graph is
called a function call graph, and it is chosen as the source
from which features are extracted. In this paper, the objects
to be detected are PE files. The PE file is transformed into a
graph structure at the function level: the nodes (vertices) of
the graph represent the functions in the program, while the
edges represent the relations between the functions.
We follow a threefold research methodology in our
detection model: (1) establish the CFG of the executables,
(2) extract features from the CFG and create training data,
and (3) generate classifiers with specific machine learning
algorithms, then detect viruses with these classifiers.
The complete architecture of this model is shown in
Figure 1. The essence of this process is to establish, through
machine learning, the relationship between the features of the
graph and the behavior of the software, and to apply that
relationship to detection.
[Figure 1: architecture of the detection model. Labels: PE files, Disassembly, CFG creating, Training data, Machine learning, Features extraction, Classifiers]
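
The first two steps above (function-level graph, then feature extraction) can be sketched as follows. This is an added example, not code from the paper: the disassembly listing is constructed, its simplified syntax is an assumption, and the feature set shown is illustrative because this section does not list the paper's features.

```python
import re
from collections import defaultdict

# Constructed sample: simplified disassembly listing (not from the paper).
SAMPLE_DISASM = """\
sub_401000:
    call sub_401050
    call sub_4010A0
    ret
sub_401050:
    call sub_4010A0
    call ds:CreateFileA
    ret
sub_4010A0:
    call sub_4010A0
    ret
sub_4010F0:
    ret
"""

LABEL = re.compile(r"^(\w+):\s*$")                  # function entry label
CALL = re.compile(r"^\s+call\s+(?:ds:)?(\w+)\s*$")  # direct or import call

def build_call_graph(listing):
    """Return (nodes, edges): functions and directed caller->callee pairs."""
    nodes, edges, current = set(), set(), None
    for line in listing.splitlines():
        if m := LABEL.match(line):
            current = m.group(1)
            nodes.add(current)
        elif (m := CALL.match(line)) and current:
            nodes.add(m.group(1))        # imported APIs become nodes too
            edges.add((current, m.group(1)))
    return nodes, edges

def graph_features(nodes, edges):
    """Structural features of the call graph (feature choice is an assumption)."""
    out_deg, in_deg = defaultdict(int), defaultdict(int)
    for caller, callee in edges:
        out_deg[caller] += 1
        in_deg[callee] += 1
    return {
        "nodes": len(nodes),
        "edges": len(edges),
        "max_out_degree": max((out_deg[v] for v in nodes), default=0),
        "max_in_degree": max((in_deg[v] for v in nodes), default=0),
        "leaf_functions": sum(1 for v in nodes if out_deg[v] == 0),
        "self_loops": sum(1 for a, b in edges if a == b),
    }
print(graph_features(*build_call_graph(SAMPLE_DISASM)))
```

Each feature dictionary corresponds to one row of training data; a label (malicious or benign) would be attached before a classifier is trained.
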