Journal of Computer Applications (计算机应用), 2011, Vol. 31, Issue (04): 1006-1009. DOI: 10.3724/SP.J.1087.2011.01006

• Information Security •

Malware detection based on attributes order reduction

Ning GUO1, Xiao-yan SUN2, He LIN1, Hua MOU3

  1. College of Information Science and Engineering, Lanzhou University, Lanzhou Gansu 730000, China
  2. College of Information Engineering, PLA Information Engineering University, Zhengzhou Henan 450002, China
  3. Information Research Institute of Shandong Province, Jinan Shandong 250000, China
  • Received: 2010-10-18 Revised: 2010-12-01 Online: 2011-04-08 Published: 2011-04-01
  • Contact: Xiao-yan SUN
  • About the authors: Ning GUO (1981-), male, born in Taiyuan, Shanxi, master's student, main research interest: data mining;
    Xiao-yan SUN (1980-), female, born in Weihai, Shandong, doctoral student, main research interest: information security;
    He LIN (1963-), male, born in Lintao, Gansu, associate professor, main research interests: artificial intelligence, data mining;
    Hua MOU (1979-), female, born in Jinan, Shandong, engineer, main research interest: data mining.

Abstract: Existing methods for malware feature selection and reduction were studied. Current attribute reduction methods for malware do not make full use of the information provided by the feature selection evaluation function. To address this shortcoming, a method was proposed that orders the candidate features by their information gain value and their size, and then applies attribute order reduction to reduce the features. The time and space complexity was analyzed, and the overall design was given. Experimental results show that applying attribute order reduction obtains smaller reduction results in less time, and that classification using the reduced features achieves higher accuracy.

Key words: malware, feature selection, reduction, information gain, attribute order
