Journal: 《计算机工程》 (Computer Engineering)

Trojan Horse Detection Method Based on a Nonlinear SVM Model

         

Abstract

To address the high false-detection and missed-detection rates of traditional Trojan detection methods, this paper presents a Trojan horse detection method based on a nonlinear Support Vector Machine (SVM) model. The method builds system call sequences from the system call functions that the program under test invokes in the system, converts them into tags that the SVM can read, and places them in a data warehouse from which the SVM extracts them as feature vectors. An SVM classifier then classifies the behavior of the program under test, determining whether that behavior is abnormal and therefore whether the program is a Trojan horse. Experimental results show that the method has a high detection accuracy and takes up very little system resource, and that it performs well in detection time and in detecting both known and unknown Trojan horse attacks.
