Anomaly Feature Detection Technique Based on Static Behavior Trajectories
Published: 2018-12-07 16:38
[Abstract]: To address the low recognition rate for unknown variants in existing static anomaly feature detection of programs, a feature extraction and detection method based on static behavior trajectories is proposed. In the feature modeling stage, a variable-length n-gram algorithm is used to model the function call sequences of samples and to extract anomaly features from them. In the detection stage, the trajectory segments produced by slicing the function call sequence are matched against the sequence segments in the feature library, and credibility is incorporated into the calculation of the decision value, which is compared with a decision threshold; this overcomes the high false-alarm rate of static signature detection based on byte sequences. Experiments show that anomaly feature detection based on static behavior trajectories achieves higher accuracy and a lower false-alarm rate.
[Author affiliation]: State Key Laboratory of Mathematical Engineering and Advanced Computing
[Fund]: Supported by the National Natural Science Foundation of China (61472447)
[Classification number]: TP309
Article ID: 2367474
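The matching scheme the abstract outlines, as an added Python example that is not the paper's code. The segment lengths (2 to 4), the credibility formula, the coverage-based decision value, the 0.5 threshold and the Windows API call sequences are all assumptions constructed for illustration.

```python
from collections import Counter

N_MIN, N_MAX = 2, 4  # assumed range of trajectory-segment lengths

def segments(calls, n):
    """All contiguous n-call trajectory segments of one call sequence."""
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

def build_library(malicious, benign, min_support=2, min_cred=0.6):
    """Segment -> credibility (assumed: malicious share of samples containing it)."""
    mal, ben = Counter(), Counter()
    for n in range(N_MIN, N_MAX + 1):
        for s in malicious:
            mal.update(set(segments(s, n)))  # count once per sample
        for s in benign:
            ben.update(set(segments(s, n)))
    lib = {}
    for seg, m in mal.items():
        cred = m / (m + ben[seg])
        if m >= min_support and cred >= min_cred:
            lib[seg] = cred
    return lib

def decision_value(calls, lib):
    """Credibility-weighted share of the sequence covered by library hits."""
    score, i = 0.0, 0
    while i < len(calls):
        for n in range(N_MAX, N_MIN - 1, -1):  # prefer the longest match
            seg = tuple(calls[i:i + n])
            if len(seg) == n and seg in lib:
                score += lib[seg] * n
                i += n
                break
        else:
            i += 1  # no library segment starts here
    return score / len(calls) if calls else 0.0

def is_anomalous(calls, lib, threshold=0.5):
    return decision_value(calls, lib) >= threshold

# Constructed sample call sequences (not taken from the paper).
MAL = [["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"],
       ["GetProcAddress", "OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"]]
BEN = [["CreateFileA", "ReadFile", "CloseHandle"],
       ["OpenProcess", "VirtualAllocEx", "VirtualFreeEx", "CloseHandle"]]
LIB = build_library(MAL, BEN)
```

A sequence that shares only the short `OpenProcess`, `VirtualAllocEx` segment with the library scores below the threshold because that segment also occurs in a benign sample and so carries lower credibility, while an unseen variant that embeds the full four-call segment is flagged even though its surrounding calls differ.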
Article link: http://www.sikaile.net/kejilunwen/ruanjiangongchenglunwen/2367474.html