针对定长的指令序列特征维数过高且存在分割特征的问题,本文提出了一种基于变长指令序列与粗糙集属性约简的恶意代码检测技术,采用变长的指令序列可以有效解决特征分割的问题,同时为了有效降低特征规模,只考虑常用的13个指令所构成的指令序列,然后利用粗糙集理论进行冗余特征约简,实验最终获得特征维数非常低并且相对定长的指令序列而言,其分类精度更高,漏报率更低。%In order to solve the problems of increase and separation features in fixed-length Opcode sequences,we propose a malware detection techniques base on variable-length Opcode sequences and rough set attribute reduction theory,using vaiable-length Opcode sequences can effectively solve the problem of separation features, and in order to effectively reduce the scale of features, we only consider the Opcode sequences which composed of the commonly used 13 instruction , afterwards we use rough set theory to reduct its, at last we get the features dimension is very low and contrast to fixed-length sequence of instructions, we get th higher classification accuracy, and false negative rate is lower from experiments ultimately.
展开▼
