针对迷惑恶意代码识别率较低的问题,提出一种基于提升多维特征的迷惑恶意代码检测算法.该算法在对迷惑恶意代码反汇编后进行静态分析,从Opcode分布序列,调用流图特征、系统调用序列图这3个特征维度对恶意代码家族特征进行归纳和分析,结合统计和语义结构特征表现恶意代码"行为"特性,从而对分类结果加权投票后给出迷惑恶意代码家族判定信息.实验结果表明,该方法对迷惑恶意代码家族检测准确率较高.%To cope with the problem of the low accuracy in detecting obfuscated malware, an algorithm to detect obfuscated malware based on boosting multi-level features is presented.After a disassembly analysis and static analysis for the obfuscated malware, the algorithm extracts features from three dimensions: opcode distribution, a function call graph, and a system call graph, which combines the statistic and semantic features to reflect the behavior characteristic of the malware, and then gives out the decision result based on weighted voting for a different feature analysis.It has been proven by experiment that the algorithms have a much higher accuracy on the testing dataset.
展开▼
