
Computer Engineering ›› 2018, Vol. 44 ›› Issue (8): 161-166,173. doi: 10.19678/j.issn.1000-3428.0048395

• Security Technology •

Linux Virus Detection Study Based on AdaBoost Algorithm

WU Lian 1a,1b, MA Minyao 1a,1b, HUANG Yifeng 2, ZHAO Yong 3

  1. 1a. Department of Mathematics and Computer Science; 1b. Big Data Science and Intelligent Engineering Research Institute, Guizhou Education University, Guiyang 550018, China; 2. Next Generation Mobile Communication Terminal Laboratory, Chongqing University of Posts and Telecommunications, Chongqing 400065, China; 3. School of Electronic and Computer Engineering, Peking University Shenzhen Graduate School, Shenzhen 518055, China
  • Received: 2017-08-17 Online: 2018-08-15 Published: 2018-08-15
  • About the authors: WU Lian (b. 1988), female, lecturer, M.S., main research interests: network security and machine learning; MA Minyao, associate professor, Ph.D.; HUANG Yifeng, engineer, M.S.; ZHAO Yong, professor, Ph.D.
  • Funding:

    Natural Science Research Project of the Guizhou Provincial Department of Education (Youth Project) (Qian Jiao He KY Zi [2015] 425); Guizhou Provincial Key Supported Discipline "Computer Application Technology" (Qian Xue Wei He Zi ZDXK [2016] No. 20); Guizhou Provincial Science and Technology Platform and Talent Team Special Fund (Qian Ke He Ping Tai Ren Cai [2016] 5609); Guizhou Provincial Science and Technology Foundation (Qian Ke He Ji Chu [2016] 1115).

Abstract:

Drawing on classification and ensemble learning theory from machine learning, a high-performance Linux virus detection method is designed. Several base classifiers are obtained by training, and their classification results are then combined to produce the final detection result. The method uses ELF file features as the sample features and BP neural networks as the base classifiers, and uses the AdaBoost algorithm to train and combine the base classifiers. The base-classifier weight calculation and the base-classifier combination step of the AdaBoost algorithm are improved to make the algorithm better suited to the virus detection problem. Experimental results show that the method detects viruses more effectively than the Avira Linux and F-PROT methods.

Key words: virus detection, AdaBoost algorithm, BP neural network, ELF file feature, D-S evidence theory

CLC number: