Research on Clustering Analysis of Malicious Code
Published: 2018-12-10 10:19
[Abstract]: With the rapid development of the Internet, the number of malicious code samples keeps growing, and malicious code analysis remains a central problem in information security. Academic researchers have therefore studied malicious code detection, clustering, classification and homology (shared-origin) analysis. Building on the current state of malicious code analysis, this thesis carries out research in three areas. (1) Industry's automated analysis pipelines are disconnected from the academic work on clustering, classification and homology analysis. To address this, the thesis proposes a new theoretical model for automated malicious code analysis. Classification, clustering, homology and evolution techniques developed on this model can be applied more readily in anti-virus vendors' products, so the model unifies academic and industrial work. (2) Because different studies analyze different data, their results are hard to compare. The thesis proposes a description specification for malicious code, selects samples of malicious code families and provides an open data set, so that studies using this data set can be compared with one another and more accurate evaluation criteria can be built on it. (3) Earlier work found that the degree of looseness (intra-family dissimilarity) varies from one malicious code family to another. The thesis therefore designs and implements a malicious code clustering algorithm based on SNN (shared nearest neighbour) density. The algorithm is insensitive to sample density and is therefore well suited to clustering malicious code. The implementation uses opcodes and system calls as feature inputs; the accuracy of the SNN density clustering algorithm was verified for the different feature inputs, with the highest reaching 100%.
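The abstract names the algorithm (SNN density clustering) and the features (opcodes, system calls) but not how the features are encoded or which parameters were used. The following Python block is an added illustration written for this page, not the thesis's implementation or its data set: it encodes each sample as the set of opcode bigrams from a constructed trace, uses Jaccard similarity, and runs a shared-nearest-neighbour density clustering in the style of Ertöz, Steinbach and Kumar. The traces, family names and the parameter values k=3, eps=2, min_pts=2 are all assumptions chosen for this toy data; system-call traces would be encoded by the same function. The point it shows is the one the abstract makes: because SNN thresholds are counts of shared neighbours rather than raw similarity values, one parameter setting clusters a tight family and a loose family alike while an unrelated sample is left as noise.

```python
"""Shared-nearest-neighbour (SNN) density clustering over opcode bigram
features.  Illustrative code added to this page; it is not the thesis's
implementation.  All opcode traces below are constructed by hand."""
from itertools import combinations

# Constructed traces (assumption: one opcode trace per sample, as a
# disassembler or emulator would emit).  Three synthetic families with
# disjoint opcode vocabularies, one tight (famA), one loose (famB),
# plus an unrelated sample that should come out as noise.
SAMPLES = {
    "famA_0": "push mov call test jz mov ret",
    "famA_1": "push mov call test jz leave ret",
    "famA_2": "push mov call test jz mov pop ret",
    "famA_3": "push mov mov call test jz mov ret",
    "famB_0": "lea cmp jne inc loop",
    "famB_1": "lea cmp jne dec sub xchg",
    "famB_2": "xchg lea cmp jne loop",
    "famB_3": "sub inc lea cmp jne",
    "famC_0": "xor shl or and rol",
    "famC_1": "xor shl or and jmp",
    "famC_2": "not xor shl or and rol",
    "famC_3": "xor shl shr or and rol",
    "unrelated_0": "cpuid rdtsc int hlt",
}


def bigram_features(trace):
    """Set of adjacent token pairs; works unchanged for system-call traces."""
    toks = trace.split()
    return set(zip(toks, toks[1:]))


def jaccard(a, b):
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def similarity_matrix(feature_sets):
    n = len(feature_sets)
    return [[1.0 if i == j else jaccard(feature_sets[i], feature_sets[j])
             for j in range(n)] for i in range(n)]


def snn_cluster(sims, k=3, eps=2, min_pts=2):
    """SNN density clustering (Ertöz, Steinbach and Kumar).

    k:       size of each sample's nearest-neighbour list
    eps:     minimum shared-neighbour count for two samples to be linked
    min_pts: minimum number of eps-linked samples for a core sample
    Returns one label per sample; -1 marks noise.
    """
    n = len(sims)
    # Neighbour lists hold only genuinely similar samples (sim > 0), so an
    # outlier that shares nothing with anyone gets an empty list instead of
    # arbitrary zero-similarity "neighbours".
    knn = []
    for i in range(n):
        ranked = sorted((j for j in range(n) if j != i and sims[i][j] > 0),
                        key=lambda j: (-sims[i][j], j))
        knn.append(set(ranked[:k]))
    # SNN similarity: number of shared neighbours, defined only for mutual
    # neighbours.  It is measured in neighbours, not in raw similarity, which
    # is what makes the method tolerant of clusters of unequal tightness.
    snn = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in knn[i]:
            if i in knn[j]:
                snn[i][j] = len(knn[i] & knn[j])
    density = [sum(1 for j in range(n) if snn[i][j] >= eps) for i in range(n)]
    core = [d >= min_pts for d in density]
    labels = [-1] * n
    next_label = 0
    for seed in range(n):
        if not core[seed] or labels[seed] != -1:
            continue
        labels[seed] = next_label
        stack = [seed]
        while stack:
            p = stack.pop()
            for q in range(n):
                if snn[p][q] >= eps and labels[q] == -1:
                    labels[q] = next_label   # border or core member
                    if core[q]:
                        stack.append(q)      # only cores extend the cluster
        next_label += 1
    return labels


def cluster_samples(samples, k=3, eps=2, min_pts=2):
    names = list(samples)
    feats = [bigram_features(samples[nm]) for nm in names]
    return dict(zip(names, snn_cluster(similarity_matrix(feats), k, eps, min_pts)))


def intra_family_range(samples, prefix):
    """(min, max) pairwise Jaccard inside one family: shows how loose it is."""
    feats = [bigram_features(t) for nm, t in samples.items() if nm.startswith(prefix)]
    vals = [jaccard(a, b) for a, b in combinations(feats, 2)]
    return min(vals), max(vals)


if __name__ == "__main__":
    for fam in ("famA_", "famB_", "famC_"):
        print(fam, "intra-family Jaccard range: %.2f .. %.2f" % intra_family_range(SAMPLES, fam))
    for name, label in cluster_samples(SAMPLES).items():
        print("%-12s cluster %d" % (name, label))
```

With these constructed traces the intra-family Jaccard similarity of famA lies between about 0.44 and 0.86 while that of famB never exceeds 0.34, yet the same k, eps and min_pts recover both families intact and assign the unrelated sample to noise. Note that with mutual k-nearest-neighbour lists the SNN similarity can never exceed k-1, so eps must be chosen at or below that bound; on real corpora k, eps and min_pts need to be tuned against a labelled family data set such as the one the thesis proposes.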
[Degree-granting institution]: National University of Defense Technology (國(guó)防科學(xué)技術(shù)大學(xué))
[Degree level]: Master's
[Year awarded]: 2016
[Classification number]: TP309
Article number: 2370412
Article link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2370412.html