计算机工程 ›› 2011, Vol. 37 ›› Issue (18): 131-133.doi: 10.3969/j.issn.1000-3428.2011.18.043

• 安全技术 • 上一篇    下一篇

基于流量统计指纹的恶意代码检测模型

苗 甫,王振兴,张连成   

  1. (解放军信息工程大学信息工程学院,郑州 450002)
  • 收稿日期:2011-02-18 出版日期:2011-09-20 发布日期:2011-09-20
  • 作者简介:苗 甫(1981-),男,硕士研究生,主研方向:指纹检测,网络与信息安全;王振兴,教授、博士、博士生导师;张连成,博士研究生

Malicious Code Detection Model Based on Traffic Statistical Fingerprinting

MIAO Fu, WANG Zhen-xing, ZHANG Lian-cheng   

  1. (Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002, China)
  • Received:2011-02-18 Online:2011-09-20 Published:2011-09-20

摘要: 采用加密和隧道技术的恶意代码难以检测。为此,提出基于流量统计指纹的恶意代码检测模型。提取恶意代码流量中的包层特征和流层特征,对高维流层特征采用主成分分析进行降维,利用两类特征的概率密度函数建立恶意代码流量统计指纹,使用该指纹检测网络中恶意代码通信流量。实验结果表明,该模型能有效检测采用加密和隧道技术的恶意代码。

关键词: 恶意代码检测, 隧道, 流量统计指纹, 特征选择, 主成分分析

Abstract: In order to detect malicious codes which utilize encryption technology and tunnels encapsulation, a new malicious code detection model based on traffic statistical fingerprinting is presented. The packet-level features and flow-level features are extracted from each flow in a training set. The flow-level features are filtered by the Principal Component Analysis. The detection model is constructed after malicious code’s traffic statistical fingerprinting is got from these features’ probability density functions. Experimental results indicate that this model can effectively detect encrypted or tunneled malicious codes.

Key words: malicious code detection, tunnel, traffic statistical fingerprinting, feature selection, Principal Component Analysis(PCA)

中图分类号: