Abstract: In current,since judging the malware in information security area in China has relatively low intelligence,this paper analyzes a large number of malicious softwares,and extracts the typical characteristics of dangerous behavior,then integrates these acts and builds a mapping library for these behaviors,which is used for transfering the behavior into data. It also designs an algorithm to make the data can directly be used for training. Through myriads of experiments,a BP neural network suitable for training type is designed,and each operator and parameter are determined. By training the neural network,this paper establishes a system to judge whether the suspicious one is a malware. Experimental result shows that this idea is right,and the false alarm rate and false negative rate are 1% and 3． 7% .

Key words: information security, intelligence, risk behavior, malware, BP neural network, behavior evaluation

摘要： 针对当前国内信息安全领域对于恶意软件的判断智能化程度较低的现状,分析不同类型的恶意软件,提取典型的危险行为特征,对这些行为进行整合并建立一个行为映射库,将软件行为映射成数据,设计算法将其转换成可用于实际神经网络训练的数据。通过反复实验,给出一个适用于训练该类型样本的BP 神经网络,并确定其中各个算子和参数值。通过训练该神经网络,建立一个判断可疑软件是否为恶意软件的行为评估系统。实验结果证明了上述设计的正确性,系统的漏报率和误报率仅为1% 和3． 7% 。

关键词: 信息安全, 智能, 危险行为, 恶意软件, BP 神经网络, 行为评估

CLC Number: 

• TP309