
Computer Engineering (计算机工程) ›› 2011, Vol. 37 ›› Issue (8): 121-123. doi: 10.3969/j.issn.1000-3428.2011.08.041

• Security Technology •

Trojan Horse Detection Method Based on a Nonlinear SVM Model (title translated from Chinese)

YAN Hui-juan, QIN Jie

  1. (College of Information Science and Engineering, Henan University of Technology, Zhengzhou 450001, China)
  • Online: 2011-04-20 Published: 2012-10-31
  • About the authors: YAN Hui-juan (born 1984), female, master's student, main research area: network security; QIN Jie, associate professor
  • Funding:
    National Natural Science Foundation of China project (60373003); Henan University of Technology fund project (2006BS009)

Trojan Horse Detection Method Based on Nonlinear SVM Model

YAN Hui-juan, QIN Jie   

  1. (College of Information Science and Engineering, Henan University of Technology, Zhengzhou 450001, China)
  • Online: 2011-04-20 Published: 2012-10-31

Abstract (translated from Chinese): To address the high false-positive and false-negative rates of traditional Trojan detection methods, this paper proposes a Trojan detection method based on a nonlinear Support Vector Machine (SVM) model. A system call sequence is built from the system call functions the monitored program invokes, converted into tags the SVM can recognise, and stored in a data warehouse from which the SVM extracts feature vectors. An SVM classifier is then built to classify the monitored program's behaviour, determine whether that behaviour is abnormal, and decide whether the program is a Trojan. Experimental results show that the method has high detection accuracy, consumes few system resources, and performs well in detection time and in detecting both known and unknown Trojan attacks.

Key words (translated from Chinese): Trojan, nonlinear, Support Vector Machine, feature vector

Abstract: To address the shortcomings of traditional anti-Trojan technologies, this paper presents a Trojan horse detection method based on a nonlinear Support Vector Machine (SVM) model. The method builds system call sequences from the system calls the monitored program makes, converts them into SVM-readable tags, and stores them in a data warehouse from which the SVM extracts feature vectors. An SVM classifier then classifies the monitored program's behaviour, identifies abnormal behaviour, and decides whether the program is a Trojan horse. Experimental results show that the method achieves high detection accuracy and uses very little system resource. It also performs well in detection time and in detecting both known and unknown Trojan horse attacks.

Key words: Trojan horse, nonlinear, Support Vector Machine(SVM), feature vector
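The pipeline the abstract describes (system call sequence → tags → feature vector → nonlinear classifier), as an added illustration that is not the authors' code or data: the traces below are constructed, the system call names and the bigram feature choice are assumptions, and because the paper's SVM solver is not on this page the nonlinear classifier is a dual-form kernel perceptron with an RBF kernel, standing in for the SVM optimiser (also an assumption). What it shows that the abstract does not is how a variable-length call sequence becomes a fixed-length vector and how a kernel decision function scores a trace the training set never saw.

```python
"""Added example: system-call sequence -> n-gram tags -> feature vector -> RBF-kernel classifier."""
import math
from collections import Counter

# Constructed sample traces (not from the paper). Each is the list of system
# call names a monitor might record for one program, with a label:
# 1 = Trojan-like behaviour, -1 = benign.
TRACES = [
    (["open", "read", "close", "open", "read", "close"], -1),
    (["open", "read", "write", "close"], -1),
    (["stat", "open", "read", "close", "exit"], -1),
    (["open", "write", "close", "exit"], -1),
    (["socket", "connect", "send", "recv", "fork", "execve"], 1),
    (["open", "read", "socket", "connect", "send", "close"], 1),
    (["fork", "execve", "socket", "connect", "recv", "write"], 1),
    (["socket", "connect", "recv", "execve", "exit"], 1),
]


def ngrams(seq, n=2):
    """Sliding-window n-grams over a call sequence; each n-gram is one 'tag'."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def build_vocab(traces, n=2):
    """Map every n-gram seen in training to a fixed column index."""
    vocab = sorted({g for seq, _ in traces for g in ngrams(seq, n)})
    return {g: i for i, g in enumerate(vocab)}


def featurize(seq, vocab, n=2):
    """Fixed-length frequency vector: share of each known n-gram in the trace.
    Unknown n-grams (never seen in training) count toward the length but get no column."""
    counts = Counter(ngrams(seq, n))
    total = max(1, sum(counts.values()))
    vec = [0.0] * len(vocab)
    for g, c in counts.items():
        if g in vocab:
            vec[vocab[g]] = c / total
    return vec


def rbf(x, y, gamma=1.0):
    """Gaussian (RBF) kernel: the nonlinearity that lets a linear dual-form
    classifier separate classes that are not linearly separable in n-gram space."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, y)))


class KernelPerceptron:
    """Dual-form kernel classifier (assumed stand-in for the SVM solver):
    the decision function is sum_i alpha_i * y_i * K(x_i, x), exactly the
    form an SVM uses, but alpha is learned by perceptron updates, not margin
    maximisation."""

    def __init__(self, gamma=1.0, epochs=20):
        self.gamma, self.epochs = gamma, epochs
        self.alpha, self.X, self.y = [], [], []

    def fit(self, X, y):
        self.X, self.y = X, y
        self.alpha = [0] * len(X)
        for _ in range(self.epochs):
            mistakes = 0
            for i, xi in enumerate(X):
                if self.decision(xi) * y[i] <= 0:   # misclassified (or on boundary)
                    self.alpha[i] += 1
                    mistakes += 1
            if mistakes == 0:                       # converged: stop early
                break
        return self

    def decision(self, x):
        return sum(a * yi * rbf(xi, x, self.gamma)
                   for a, xi, yi in zip(self.alpha, self.X, self.y) if a)

    def predict(self, x):
        return 1 if self.decision(x) > 0 else -1


def train_detector(traces=TRACES, n=2, gamma=1.0):
    """Build the vocabulary and fit the classifier; returns both for later use."""
    vocab = build_vocab(traces, n)
    X = [featurize(seq, vocab, n) for seq, _ in traces]
    y = [label for _, label in traces]
    return vocab, KernelPerceptron(gamma).fit(X, y)


def classify(trace, vocab, clf, n=2):
    """Label a new trace: 1 = Trojan-like, -1 = benign."""
    return clf.predict(featurize(trace, vocab, n))


def training_accuracy(clf, vocab, traces=TRACES, n=2):
    hits = sum(classify(seq, vocab, clf, n) == label for seq, label in traces)
    return hits / len(traces)


if __name__ == "__main__":
    vocab, clf = train_detector()
    print("training accuracy:", training_accuracy(clf, vocab))
    # Two traces that are not in the training set.
    print(classify(["open", "read", "close"], vocab, clf))                 # -1
    print(classify(["socket", "connect", "send", "execve"], vocab, clf))  # 1
```

The second unseen trace contains a bigram (`send`, `execve`) that never appears in training; it is simply dropped from the vector, which is the behaviour a deployed detector needs when new call patterns appear. Swapping `KernelPerceptron` for a real soft-margin SVM changes only how `alpha` is fitted; the feature pipeline and decision function stay the same.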
