Journal of Computer Applications ›› 2010, Vol. 30 ›› Issue (06): 1489-1492.
• Information Security •
孙晓妍1,祝跃飞1,黄茜2,郭宁3
Abstract: Intelligent detection of malware is important for malware analysis. This paper studies the automatic classification of malware based on its dynamic interaction sequences. Automatic classification based on sliding-window sequence features cannot resist sequence confusion, noise injection and mimic sequences used to evade detection. To address these three problems, the paper uses branching sequences, the state transition probability matrix of a Markov chain, and interactive objects, respectively, to improve interaction-sequence-based automatic classification of malware, and gives the design of the overall classification process. The experimental results show that the above problems can be resolved effectively.
Key words: Malware, Interactive Behavior, Confused Sequence, Noise Injection, Mimic Sequence
孙晓妍, 祝跃飞, 黄茜, 郭宁. Research on malware detection based on interactive behavior [J]. Journal of Computer Applications, 2010, 30(06): 1489-1492.
Link to this article: https://www.joca.cn/CN/
https://www.joca.cn/CN/Y2010/V30/I06/1489