Research on Malicious Code Detection Based on Least-squares Estimation
Behavior-based malicious code detection is the direction in which anti-virus techniques are developing. However, current detection methods based on this approach have several problems, such as unclear behavior sequence analysis and high false negatives. To address this, this paper proposes a malicious code detection method based on least-squares estimation. The method correlates program behaviors with time and subject-object, and then constructs an accurate and complete behavior sequence, which provides a preprocessing method for the subsequent detection. To improve the accuracy and intelligence of malicious code detection, we introduce the concept of expert subjective degree. By modeling malicious samples with least-squares estimation, we train the Expert Subjective Degree Vector (ESDV) and simulate how experts judge the threat values of malicious code. Experiments show that this method is more accurate than current approaches at detecting malicious code that executes itself in a sub-period and sub-process manner, so it can serve as an effective complement to current anti-virus software.
behavior correlation; expert subjective degree vector; malicious code detection; threat judging
Wu Yunlong, Chen Chen, Wang Huiquan, Xu Xinhai, Zhou Jie
National Laboratory for Parallel and Distributed Processing, School of Computer, National University o School of Computer, National University of Defense Technology, Changsha, Hunan, 410073, P. R. China
International conference
Hangzhou
English
124-128
2012-03-23 (date first made available online on the Wanfang platform; does not represent the paper's publication date)