This article puts forward an isolation method for script virus of private network based on active learning.Firstly,the sensitive API function invoked by static feature of file of the script virus is extracted via analyzing the static feature,and different types of API function are classified according to relevant spite feature behavior,then network script feature is simplified by using theory of feature extraction of minimum j-divergence entropy.Moreover,the classification operation for untagged file sample of script program is carried out,and sample in script pool of untagged private network is selected.The training set is updated via the sample.Finally,the automatic isolation of the script virus is realized.Simulation results show that the method can insulate script virus timely and effectively.%对专用网络脚本病毒的有效隔离,能够对专用网络的脚本病毒进行准确检测.对脚步病毒的有效隔离,需要设定特定选取规则,对未标签脚本池中的样本进行选取,完成专用网络脚本病毒的隔离.传统方法首先对病毒样本代码进行明文的统计分析,获得脚本病毒代码关键字的分布概率,但忽略了对脚本病毒样本进行选择,导致病毒隔离效果不理想.提出基于主动学习的专用网络脚本病毒隔离方法.通过分析专用网络脚本病毒文件静态特征提取其调用的敏感API函数,将不同类别的API函数依据相关恶意特征行为分类,采用判别熵最小化的特征提取理论对网络脚本特征项进行精简,并对未标签的脚本程序文件样本进行分类操作,对未标签专用网络脚本池中的样本进行选取,并将该样本更新至训练集中,实现专用网络脚本病毒自动隔离.仿真结果证明,所提方法可以及时、有效地对脚本病毒进行隔离.
展开▼
