
Computer Engineering ›› 2010, Vol. 36 ›› Issue (7): 119-121. doi: 10.3969/j.issn.1000-3428.2010.07.041

• Security Technology •

Application of PrefixSpan* Algorithm in Malware Detection

WANG Li-na, TAN Xiao-bin, PAN Jian-feng, XI Hong-sheng   

  1. (Department of Automation, University of Science and Technology of China, Hefei 230027)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2010-04-05 Published: 2010-04-05

Abstract: This paper proposes a behavior-based detection system that combines data mining and expert system techniques to detect malware on hosts. It applies a novel sequence pattern mining method, called PrefixSpan*, which uses a brief projection database instead of the projection database used in PrefixSpan. The PrefixSpan* algorithm mines association rules from the malware behavior sequence database to form a malware behavior pattern database; the expert system then matches facts against rules and gives the final result. Experimental results show that the algorithm is correct and efficient.

Key words: malware detection, behavior-based detection, sequence pattern mining, PrefixSpan* algorithm, projection database
