Abstract
To address the high false-positive and false-negative rates of traditional Trojan detection methods, this paper proposes a Trojan detection method based on a nonlinear support vector machine (SVM) model. System call sequences are built from the system call functions that the program under test invokes in the system, converted into tags the SVM can recognize, and stored in a data warehouse from which the SVM extracts them as feature vectors. An SVM classifier is then built to classify the behaviour of the program under test, determine whether that behaviour is anomalous, and thus decide whether the program is a Trojan. Experimental results show that the method has high detection accuracy, consumes few system resources, and performs well in detection time and in detecting both known and unknown Trojan attacks.
Aiming at the shortcomings of traditional anti-Trojan technologies, this paper presents a Trojan horse detection method based on a nonlinear Support Vector Machine (SVM) model. The method builds system call sequences from the system call functions a program invokes in the system, converts them into tags the SVM can read, and places them in a data warehouse from which the SVM extracts them as feature vectors. An SVM classifier then classifies the detected program's behaviour to determine whether it is abnormal, and hence whether the program is a Trojan horse. Experimental results show that the method has a high accuracy rate and takes up very little system resource, and that it also performs well in detection time and in detecting both known and unknown Trojan horse attacks.
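The pipeline the abstract describes (system-call sequence, SVM-readable tags, feature vectors, nonlinear SVM classifier) as an added, runnable illustration; it is not the paper's code or data. The sample traces are constructed, the tags are assumed to be adjacent call pairs counted against a training vocabulary, the kernel is an RBF kernel, and the solver is kernelized Pegasos with hand-picked `lam` and `gamma`.

```python
import math

# Constructed sample traces (an assumption of this example, not the paper's data):
# benign programs do local file I/O; the Trojan-like ones open a socket and
# exchange data before touching files.
BENIGN = [["open", "read", "write", "close"], ["open", "read", "close"],
          ["stat", "open", "read", "close"], ["read", "write", "write", "close"]]
TROJAN = [["socket", "connect", "send", "recv", "open", "write"],
          ["socket", "connect", "recv", "write", "close"],
          ["connect", "send", "recv", "send"],
          ["open", "read", "socket", "connect", "send"]]

def bigrams(trace):
    """Encode a system-call sequence as its adjacent call pairs (the SVM 'tags')."""
    return list(zip(trace, trace[1:]))

def featurize(trace, vocab):
    """Count each vocabulary pair in the trace; pairs unseen in training are ignored."""
    bg = bigrams(trace)
    return [bg.count(pair) for pair in vocab]

def rbf(u, v, gamma=0.5):
    """Gaussian kernel: the nonlinearity that lets the SVM separate the classes."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(u, v)))

def train_svm(xs, ys, lam=0.2, epochs=30):
    """Kernelized Pegasos: stochastic sub-gradient SVM training kept in dual form."""
    n = len(xs)
    gram = [[rbf(a, b) for b in xs] for a in xs]   # kernel matrix computed once
    alpha, t = [0] * n, 0
    for _ in range(epochs):
        for i in range(n):                       # deterministic sweep instead of random picks
            t += 1
            margin = ys[i] * sum(alpha[j] * ys[j] * gram[i][j] for j in range(n)) / (lam * t)
            if margin < 1:                       # hinge-loss violation: trace becomes a support vector
                alpha[i] += 1
    return alpha

def build_model(benign=BENIGN, trojan=TROJAN):
    """Data-warehouse step: vocabulary of call pairs, feature vectors, labels, then train."""
    traces = benign + trojan
    vocab = sorted({p for tr in traces for p in bigrams(tr)})
    xs = [featurize(tr, vocab) for tr in traces]
    ys = [-1] * len(benign) + [1] * len(trojan)
    return vocab, xs, ys, train_svm(xs, ys)

def classify(trace, model=None):
    """Sign of the kernel expansion decides: negative side benign, positive side Trojan."""
    vocab, xs, ys, alpha = model or build_model()
    x = featurize(trace, vocab)
    score = sum(a * y * rbf(sv, x) for a, y, sv in zip(alpha, ys, xs))
    return "trojan" if score > 0 else "benign"

if __name__ == "__main__":
    model = build_model()
    for trace in (["socket", "connect", "send", "recv"], ["open", "read", "write"]):
        print(" -> ".join(trace), "=>", classify(trace, model))
```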
Source
Computer Engineering (《计算机工程》)
CAS
CSCD
Peking University Core Journal
2011, No. 8, pp. 121-123 (3 pages)
Computer Engineering
Funding
National Natural Science Foundation of China project (60373003)
Henan University of Technology university fund project (2006BS009)
Keywords
Trojan horse
nonlinear
Support Vector Machine (SVM)
feature vector