Obfuscated malicious codes can easily escape from being detected by the conventional static method- On the other hand, despite its high detection accuracy, the dynamic method usually expends a large amount of system resources. A hierarchical feature selection method was proposed to improve the detection accuracy with relative low system overhead, where the features were generated and subsequently selected on the oriented layer, the individual layer, the family layer and the global layer, respectively. By the layer-by-iayer refinements-, an appropriate trade-off between the feature redundancy and information omission was archived using the hierarchical feature selection method. The experimental results on the real-world datasets demonstrate that the proposed method yields high accuracy for detecting obfuscated malicious code, while has several advantages such as smaller size of required training samples and better generalization ability compared with the conventional feature selection methods.%各种迷惑恶意代码能够轻易躲避传统静态检测,而动态检测方式虽有较好的检测率,却消耗大量系统资源.为提高低系统开销下迷惑恶意代码的检测率,提出一种层次化特征选择方法,依次在引导层、个体层、家族层和全局层上生成并选择特征.层次方法以逐层精化特征的方式寻求特征冗余和信息漏选之间的平衡.实际数据集上的实验结果表明所提方法的迷惑恶意代码检测率较高,与传统特征选择方法相比,具有所需训练样本集小、泛化能力强的优点.
展开▼
