Abstract
Malicious software is rampant, and current antivirus software cannot detect unknown malicious software. Analysis of malicious software shows that, although it takes many forms, the malicious behavior it exhibits follows certain regularities. Based on this, a method for implementing dynamic measurement in trusted computing is proposed: the behavior a program produces at run time is intercepted and used to build a decision tree model, which serves as the basis for determining whether the program's behavior accords with expectation. Experimental results show that this method can detect unknown malicious software, and that improving the data preprocessing module can further reduce the false alarm rate and the missed-report rate.
Source
Communications Technology (《通信技术》)
2015, Issue 11, pp. 1290-1294 (5 pages)
Keywords
trusted computing
dynamic measurement
decision tree
behavior