基于频谱分析的复合文档恶意代码检测

发布时间：2019-07-12 09:33

【摘要】：该文对基于频谱分析的复合文档恶意代码检测方法进行研究,提出了基于该方法的复合文档恶意代码检测系统。利用快速Fourier变换(FFT)的频域变换性质将实序列转化为复数序列,提出了一种改进的实数序列FFT算法;从复杂的文档存储结构中提取出固定字段的内容进行频谱变换,对变换后的频谱图进行分析,提取频谱图的特征属性,再根据这些特征属性对复合文档是否感染恶意代码进行检测。通过改进的FFT算法成功实现了对复合文档的频谱变换,通过实验成功提取了正常样本和恶意样本在频谱上的差异并对差异进行了验证。实验表明:该方法能够有效地对复合文档恶意代码进行检测,且具有较好的检测效果,较好地解决了复合文档恶意代码检测的问题。
[Abstract]:In this paper, the malicious code detection method of composite document based on spectrum analysis is studied, and a malicious code detection system of composite document based on this method is proposed. The real sequence is transformed into complex sequence by using the frequency domain transformation property of fast Fourier transform (FFT), and an improved real sequence FFT algorithm is proposed. The content of fixed field is extracted from the complex document storage structure for spectrum transformation, the transformed spectrum map is analyzed, the characteristic attributes of spectrum map are extracted, and then whether the composite document is infected with malicious code is detected according to these characteristic attributes. The spectrum transformation of composite documents is successfully realized by the improved FFT algorithm, and the spectral differences between normal samples and malicious samples are successfully extracted and verified by experiments. The experimental results show that this method can effectively detect the malicious code of composite documents, and has a good detection effect, and solves the problem of malicious code detection of composite documents.
【作者单位】：四川大学电子信息学院;中国信息安全测评中心;
【分类号】：TP393.08

【相似文献】