IMDS: Intelligent Malware Detection System |
|
Course URL: | http://videolectures.net/kdd07_ye_imds/ |
Lecturer: | Yanfang Ye |
Institution: | West Virginia University |
Course date: | 2007-08-14 |
Course language: | English |
Course description: | The proliferation of malware has presented a serious threat to the security of computer systems. Traditional signature-based antivirus systems fail to detect polymorphic and new, previously unseen malicious executables. In this paper, resting on the analysis of Windows API execution sequences called by PE files, we develop the Intelligent Malware Detection System (IMDS) using Objective Oriented Association (OOA) mining based classification. IMDS is an integrated system consisting of three major modules: PE parser, OOA rule generator, and rule based classifier. An OOA Fast FPGrowth algorithm is adapted to efficiently generate OOA rules for classification. A comprehensive experimental study on a large collection of PE files obtained from the anti-virus laboratory of King Soft Corporation is performed to compare various malware detection approaches. Promising experimental results demonstrate that the accuracy and efficiency of our IMDS system outperform popular anti-virus software such as Norton AntiVirus and McAfee VirusScan, as well as previous data mining based detection systems which employed Naive Bayes, Support Vector Machine (SVM) and Decision Tree techniques. |
Keywords: | malware; antivirus systems; computer systems |
Course source: | VideoLectures.NET |
Last reviewed: | 2019-05-09:lxf |
Views: | 59 |