Abstract
With the widespread use of networks and the progress of computer technology, computer information security faces a serious threat, and malicious code is the main culprit. The growth of malicious code and the advance of the techniques behind it not only bring much inconvenience to daily life, but also cause enterprises and users huge economic losses; some malicious code can even harm national information security.
With the ongoing contest between malicious code detection and anti-detection technology, the daily production of large numbers of new malicious code samples places tremendous pressure on analysts. Today, malicious code detection capacity falls far short of demand. Malicious code detection technology is divided into two approaches, static and dynamic. Static detection derives its result from the content and structure of the code, whereas dynamic detection executes the code in a virtual environment. However, with the development of code obfuscation techniques, some static detection methods face a challenge, and some malicious code can hide its malicious behaviour to evade detection in a virtual environment. Therefore, how to cope with the explosion of malicious code, and in particular with variants of known malicious code, has become the focus of research on malicious code detection technology.
In this paper, we propose a new method of static malicious code detection based on opcode sequences. Unlike other methods, it extracts the opcode sequences through the program's control flow graph and uses them as the characteristic. Firstly, the malicious code is unpacked (its packer shell removed). Secondly, the malicious code is disassembled, the program's control flow graph is built by a plugin written for the disassembler, and the opcode sequences are extracted from it. Thirdly, the characteristics are extracted with the n-gram algorithm and features are selected using the information gain and document frequency methods. Finally, the malicious code is detected using machine learning classification algorithms.
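The feature-extraction and feature-selection steps above (opcode n-grams, document frequency filtering, information gain ranking), as an added illustration that is not code from the paper: the opcode sequences, labels, thresholds and function names are constructed assumptions, and the n-grams are taken over each sequence as the paper's CFG plugin would emit it.

```python
from collections import Counter
from math import log2

# Constructed sample: opcode sequences (as extracted from a CFG) with labels,
# 1 = malicious, 0 = benign. Real data would have thousands of sequences.
SAMPLES = [
    (["push", "mov", "call", "xor", "jmp"], 1),
    (["push", "mov", "call", "xor", "ret"], 1),
    (["mov", "add", "cmp", "jne", "ret"], 0),
    (["push", "mov", "add", "cmp", "ret"], 0),
]

def ngrams(seq, n):
    """All n-grams of an opcode sequence, as tuples (the n-gram step)."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def document_frequency(samples, n):
    """Number of samples in which each n-gram occurs at least once."""
    df = Counter()
    for seq, _ in samples:
        df.update(set(ngrams(seq, n)))
    return df

def entropy(label_counts):
    total = sum(label_counts.values())
    return -sum(c / total * log2(c / total) for c in label_counts.values() if c)

def information_gain(samples, feature, n):
    """H(label) - H(label | feature present/absent), in bits."""
    present, absent = Counter(), Counter()
    for seq, lbl in samples:
        bucket = present if feature in set(ngrams(seq, n)) else absent
        bucket[lbl] += 1
    gain = entropy(Counter(lbl for _, lbl in samples))
    for bucket in (present, absent):
        if bucket:
            gain -= sum(bucket.values()) / len(samples) * entropy(bucket)
    return gain

def select_features(samples, n=2, min_df=2, top_k=3):
    """DF filter removes rare n-grams; IG ranks the survivors (ties by name)."""
    df = document_frequency(samples, n)
    candidates = [f for f, c in df.items() if c >= min_df]
    ranked = sorted(candidates, key=lambda f: (-information_gain(samples, f, n), f))
    return ranked[:top_k]

def vectorize(seq, features, n):
    """Binary feature vector fed to the classifier in the final step."""
    present = set(ngrams(seq, n))
    return [1 if f in present else 0 for f in features]
```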
Analysis of a Static Malicious Code Detection Method Based on Opcode Sequences