Malicious code detection method based on behavior relation network (基于行为关系网络的恶意代码检测方法)

Authors: 刘建松, 张磊, 方勇
Affiliation: School of Cyber Science and Engineering, Sichuan University (四川大学网络空间安全学院)
CLC classification number: TP391.1
Fund project: National Natural Science Foundation of China (U20B2045)
Abstract:

In the field of network security, malicious code is an unavoidable threat, and detecting it quickly enough to prevent or limit the damage it causes remains an urgent problem. This paper proposes a malicious code detection method based on a behavior relation network. First, each sample is executed in a sandbox to obtain a behavior report, and three kinds of behavior records are extracted from that report: API calls, registry accesses, and file read/write operations. These records are used to build a behavior relation network containing four node types, "PE", "API", "Registry" and "File". Next, a metagraph-based method is used to compute a similarity matrix between samples. Finally, a Support Vector Machine (SVM) model with a custom kernel is trained and used for prediction. Experimental results show that the proposed method achieves a classification accuracy of 95.5% and can effectively detect malicious code.
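As an added illustration of the pipeline the abstract describes (this is not code from the paper or its authors), the following Python builds the four-node-type behavior relation network from a handful of constructed sandbox reports, scores each pair of samples along the PE-API-PE, PE-Registry-PE and PE-File-PE meta-paths, combines those scores into a precomputed kernel matrix, and trains a kernel classifier on it. The report field names, the cosine-normalised meta-path counts, the per-path weights, and the kernel perceptron standing in for the paper's custom-kernel SVM are all assumptions made here; the paper's actual metagraph similarity and SVM formulation are not given on this page.

```python
"""Behavior relation network -> meta-path kernel -> kernel classifier (added example)."""
from collections import defaultdict
import math

# Node types of the behavior relation network named in the abstract.
PE, API, REG, FILE = "PE", "API", "Registry", "File"
RELATIONS = {"api": API, "registry": REG, "file": FILE}  # report field -> node type (assumed names)

# Constructed sandbox reports (label 1 = malicious, -1 = benign). Hand-written for
# this example; NOT the output of a real sandbox run.
TRAIN = {
    "mal_a.exe": {"label": 1, "api": ["CreateRemoteThread", "WriteProcessMemory", "RegSetValueExA", "CreateFileW"],
                  "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"],
                  "file": [r"C:\Users\Public\svch0st.exe"]},
    "mal_b.exe": {"label": 1, "api": ["CreateRemoteThread", "WriteProcessMemory", "RegSetValueExA", "InternetOpenA"],
                  "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"],
                  "file": [r"C:\Users\Public\svch0st.exe", r"C:\Windows\Temp\x.dat"]},
    "benign_a.exe": {"label": -1, "api": ["CreateFileW", "ReadFile", "GetSystemMetrics"],
                     "registry": [r"HKCU\Software\Example\Settings"],
                     "file": [r"C:\Users\user\Documents\notes.txt"]},
    "benign_b.exe": {"label": -1, "api": ["CreateFileW", "WriteFile", "GetSystemMetrics"],
                     "registry": [r"HKCU\Software\Example\Settings"],
                     "file": [r"C:\Users\user\Documents\notes.txt", r"C:\Users\user\Documents\a.doc"]},
}
TEST = {
    "unknown_1.exe": {"api": ["CreateRemoteThread", "WriteProcessMemory", "RegSetValueExA"],
                      "registry": [r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"],
                      "file": [r"C:\Windows\Temp\x.dat"]},
    "unknown_2.exe": {"api": ["CreateFileW", "ReadFile"],
                      "registry": [r"HKCU\Software\Example\Settings"],
                      "file": [r"C:\Users\user\Documents\a.doc"]},
    "evasive.exe": {"api": [], "registry": [], "file": []},  # detected the sandbox and did nothing
}
WEIGHTS = {API: 0.5, REG: 0.25, FILE: 0.25}  # per-meta-path weights (assumed)


def build_network(reports):
    """Heterogeneous graph: nodes maps node id -> type; edges maps
    (pe_name, behavior_type) -> set of behavior node ids that PE touched.
    Behavior ids are prefixed with their type so 'API:X' and 'File:X' stay distinct."""
    nodes, edges = {}, defaultdict(set)
    for pe, rep in reports.items():
        nodes[pe] = PE
        for field, ntype in RELATIONS.items():
            for item in rep.get(field, []):
                nid = f"{ntype}:{item}"
                nodes[nid] = ntype
                edges[(pe, ntype)].add(nid)
    return nodes, edges


def metapath_similarity(edges, a, b, ntype):
    """Cosine-normalised count of PE-ntype-PE meta-path instances between a and b.
    Returns 0.0 if either sample touched no node of this type (e.g. an empty,
    sandbox-evasive report) instead of dividing by zero."""
    na, nb = edges.get((a, ntype), set()), edges.get((b, ntype), set())
    if not na or not nb:
        return 0.0
    return len(na & nb) / math.sqrt(len(na) * len(nb))


def kernel_matrix(edges, rows, cols, weights):
    """K[i][j] = weighted sum of per-meta-path similarities. Each term is a Gram
    matrix of normalised indicator vectors, so a non-negative weighted sum is
    positive semidefinite and valid as a precomputed SVM kernel."""
    return [[sum(w * metapath_similarity(edges, r, c, t) for t, w in weights.items())
             for c in cols] for r in rows]


def train_kernel_perceptron(K, y, epochs=20):
    """Dual-form kernel perceptron; stands in here for the paper's custom-kernel SVM."""
    n, alpha = len(y), [0.0] * len(y)
    for _ in range(epochs):
        mistakes = 0
        for i in range(n):
            score = sum(alpha[j] * y[j] * K[j][i] for j in range(n))
            if y[i] * score <= 0:
                alpha[i] += 1.0
                mistakes += 1
        if mistakes == 0:
            break
    return alpha


def predict(alpha, y_train, K_train_test):
    """K_train_test[j][t] pairs training sample j with test sample t. A test column
    that is all zeros shares no behavior with any training sample (typically an
    empty report); return 0 ("undecided") rather than silently calling it benign."""
    preds = []
    for t in range(len(K_train_test[0])):
        column = [K_train_test[j][t] for j in range(len(y_train))]
        if not any(column):
            preds.append(0)
            continue
        score = sum(a * yj * k for a, yj, k in zip(alpha, y_train, column))
        preds.append(1 if score > 0 else -1)
    return preds


def run_demo():
    """Train on TRAIN, classify TEST; returns {sample: 1 | -1 | 0}."""
    train_names, test_names = list(TRAIN), list(TEST)
    y = [TRAIN[n]["label"] for n in train_names]
    _, edges = build_network({**TRAIN, **TEST})  # one network over all PE nodes
    K = kernel_matrix(edges, train_names, train_names, WEIGHTS)
    alpha = train_kernel_perceptron(K, y)
    K_tt = kernel_matrix(edges, train_names, test_names, WEIGHTS)
    return dict(zip(test_names, predict(alpha, y, K_tt)))


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The matrix `K` could be handed unchanged to a precomputed-kernel SVM (for example `sklearn.svm.SVC(kernel="precomputed")`), because every per-type term is a Gram matrix and the non-negative weighted sum stays positive semidefinite; a similarity measure that is not PSD would need to be repaired before an SVM will accept it. The `evasive.exe` sample is the caveat a practitioner should keep in mind with any dynamic-analysis detector: a sample that recognises the sandbox and idles produces an empty report and therefore an all-zero kernel column, so the classifier here returns 0 and leaves it for a longer run or manual triage instead of scoring it as benign.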

Cite this article

Citation format: 刘建松, 张磊, 方勇. Malicious code detection method based on behavior relation network [J]. 四川大学学报: 自然科学版 (Journal of Sichuan University, Natural Science Edition), 2022, 59: 023001.

History
  • Received: 2021-11-04
  • Revised: 2021-11-22
  • Accepted: 2021-12-27
  • Published online: 2022-04-01