Anomalous Feature Detection Based on Static Behavior Trajectories
Published: 2018-12-07 16:38
[Abstract]: To address the low recognition rate for unknown variants in existing static anomalous-feature detection for programs, a feature extraction and detection method based on static behavior trajectories is proposed. In the feature modeling stage, a variable-length n-gram algorithm is used to model features from the function call sequences of the samples, and anomalous features are extracted from them. In the detection stage, the trajectory segments generated by slicing a function call sequence are matched against the sequence segments in the feature library, and a confidence value is incorporated into the calculation of the decision value, which is then compared with a decision threshold; this overcomes the relatively high false-positive rate of static, byte-sequence-based signature detection. Experiments show that anomalous-feature detection based on static behavior trajectories has a relatively high accuracy and a relatively low false-positive rate.
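[Author affiliation]: State Key Laboratory of Mathematical Engineering and Advanced Computing
[Funding]: National Natural Science Foundation of China (61472447)
[Classification number]: TP309
Article ID: 2367474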
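An illustrative sketch of the two stages the abstract describes, added here and not the paper's own code. The fixed 2-to-4 length range stands in for the variable-length n-gram algorithm, and the confidence formula, the summed decision value, the thresholds and the sample call sequences are all assumptions constructed for this example.

```python
from collections import Counter

def ngrams(seq, n_min=2, n_max=4):
    """All contiguous call-sequence segments of length n_min..n_max (as a set)."""
    return {tuple(seq[i:i + n]) for n in range(n_min, n_max + 1)
            for i in range(len(seq) - n + 1)}

def build_library(malicious, benign, min_support=2, min_conf=0.6):
    """Feature modeling: map each anomalous segment to its confidence.

    Confidence (assumed definition) is the share of the samples containing
    the segment that are malicious.
    """
    mal = Counter(g for s in malicious for g in ngrams(s))
    ben = Counter(g for s in benign for g in ngrams(s))
    lib = {}
    for g, m in mal.items():
        conf = m / (m + ben[g])
        if m >= min_support and conf >= min_conf:
            lib[g] = conf
    return lib

def decision_value(seq, lib):
    """Detection: sum the confidences of distinct library segments found in seq."""
    return sum(lib[g] for g in ngrams(seq) if g in lib)

def is_anomalous(seq, lib, threshold=2.0):
    """Compare the decision value with the (assumed) decision threshold."""
    return decision_value(seq, lib) >= threshold

# Constructed function call sequences, not taken from the paper.
MALICIOUS = [
    "CreateFileW ReadFile OpenProcess VirtualAllocEx WriteProcessMemory "
    "CreateRemoteThread CloseHandle".split(),
    "RegOpenKeyExW OpenProcess VirtualAllocEx WriteProcessMemory "
    "CreateRemoteThread ExitProcess".split(),
]
BENIGN = [
    "CreateFileW ReadFile CloseHandle ExitProcess".split(),
    "RegOpenKeyExW RegQueryValueExW RegCloseKey CreateFileW ReadFile CloseHandle".split(),
    "OpenProcess VirtualAllocEx ReadProcessMemory CloseHandle".split(),
]
LIBRARY = build_library(MALICIOUS, BENIGN)
# Unseen variant: same core trajectory, different surrounding calls.
VARIANT = ("GetModuleHandleW OpenProcess VirtualAllocEx WriteProcessMemory "
           "CreateRemoteThread Sleep").split()
# Benign tool that shares only one low-confidence segment with the library.
TOOL = "GetCurrentProcessId OpenProcess VirtualAllocEx ReadProcessMemory CloseHandle".split()

if __name__ == "__main__":
    for name, seq in (("variant", VARIANT), ("tool", TOOL)):
        print(name, round(decision_value(seq, LIBRARY), 3), is_anomalous(seq, LIBRARY))
```

The benign tool matches one segment whose confidence is below 1 because it also occurs in a benign training sample, so its decision value stays under the threshold, while the variant matches the whole trajectory and is flagged.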
Article link: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2367474.html