Published in: 《电子设计工程》 (Electronic Design Engineering)

Classification and Detection of Metamorphic Malware Based on Minimum Distance

Abstract

At present, with the emergence and development of metamorphic techniques, malware attacks are becoming more complex and stealthy. To accurately detect and analyze metamorphic malware, this paper proposes a classification and detection technique based on minimum distance. The execution behaviors of the malware are extracted and described with operational semantics. The behavioral features are then analyzed quantitatively, and the minimum similarity distance between different feature attributes is computed to complete the classification and detection of the malware. Experimental results show that the minimum-distance classification algorithm classifies malware quickly and accurately, with an average detection rate remaining above 80%, and that it offers good detection performance and value for further research.
