
    Dynamic Taint Analysis Method Based on Maximal Frequent Subgraph Mining

    A Dynamic Stain Analysis Method on Maximal Frequent Sub Graph Mining

    • Abstract (translated from the Chinese): Traditional dynamic taint analysis methods for malicious-code identification commonly suffer from a very large number of behaviour dependency graphs and long matching times. This paper proposes a dynamic taint analysis method based on maximal frequent subgraph mining. From the behaviour dependency graphs of a malicious-code family, the method mines the maximal frequent subgraphs that represent the family's most prominent common features; these mined subgraphs are the most salient features shared by the family and all of its variants, so a behaviour dependency graph under test only needs to be matched against them. This retains the original malicious-code features without loss while cutting the number of behaviour dependency graphs, and on that basis further raises identification efficiency. Experimental analysis shows that, compared with the traditional method, when the minimum support is 0.045 the number of behaviour dependency graphs is reduced by 82%, identification efficiency is improved by 81.7%, and accuracy reaches 92.15%.

       

      Abstract (published English version): Malicious-code recognition based on traditional dynamic taint analysis has several problems, such as the huge number of malicious code behaviour dependency graphs (MBDG) and the long matching time. Because the behaviour dependency graphs of one malicious code family share common subgraphs, this paper proposes a malicious code behaviour dependency graph mining method based on maximal frequent subgraphs. The method mines, from the family's behaviour dependency graphs, the maximal frequent subgraphs that represent the family's significant common features; a mined maximal frequent subgraph represents the most significant feature shared among the variants of that family. A target behaviour dependency graph then only needs to be matched against the mined maximal frequent subgraphs. The method reduces the number of behaviour dependency graphs and improves recognition efficiency without losing the characteristics of the malicious code behaviour. Compared with the traditional dynamic taint analysis method for malicious-code recognition, when the minimum support is 0.045 the number of behaviour dependency graphs decreases by 82%, recognition efficiency increases by 81.7%, and the accuracy rate is 92.15%.
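Both abstracts describe the same two-step pipeline: mine the maximal frequent subgraphs of a family's behaviour dependency graphs at a minimum support, then match an unknown graph against the mined patterns instead of against every family graph. The following is an added illustration written for this page, not the paper's code. It makes two simplifying assumptions that the paper does not state: a behaviour dependency graph is a directed graph whose nodes are API-call names and whose edges are taint flows between calls, and node labels are unique inside a graph, so a subgraph is identified by its edge set and containment reduces to edge-set inclusion. The family graphs, the API names and the minimum support of 0.6 are constructed for the demo; the paper's 0.045 applies to its much larger corpus. The mining is a plain Apriori-style level-wise growth of connected edge sets, a choice of mine rather than the paper's algorithm.

```python
"""Maximal frequent subgraph mining over behaviour dependency graphs (BDGs)
and matching of an unknown BDG against the mined patterns.

Added example, not code from the paper. Assumptions (mine): nodes are API
names, edges are taint flows (data from the source call reaches the
destination call), node labels are unique per graph, and the sample family
below is constructed by hand.
"""
from typing import FrozenSet, List, Tuple

Edge = Tuple[str, str]
Graph = FrozenSet[Edge]

# Constructed "dropper" family: four variants share the self-copy + Run-key
# core, three also share a raw-socket beacon, two use WinINet instead.
CORE: Graph = frozenset({
    ("GetModuleFileNameA", "ReadFile"),        # own image path -> read self
    ("ReadFile", "WriteFile"),                 # self bytes -> dropped copy
    ("GetSystemDirectoryA", "WriteFile"),      # drop path -> dropped copy
    ("GetSystemDirectoryA", "RegSetValueExA"), # drop path -> Run key value
})
NET: Graph = frozenset({("gethostbyname", "connect"), ("connect", "send")})
WININET: Graph = frozenset({("InternetOpenA", "InternetOpenUrlA"),
                            ("InternetOpenUrlA", "InternetReadFile")})
FAMILY: List[Graph] = [
    CORE | NET,
    CORE | NET | {("recv", "WriteFile")},
    CORE | WININET,
    CORE | NET | {("CreateProcessA", "WriteProcessMemory")},
    CORE | WININET,
]


def support(pattern: Graph, family: List[Graph]) -> float:
    """Fraction of family graphs that contain every edge of `pattern`."""
    return sum(pattern <= g for g in family) / len(family)


def is_connected(edges: Graph) -> bool:
    """Weak connectivity, so mined patterns are subgraphs, not unions of them."""
    nodes = {n for e in edges for n in e}
    if not nodes:
        return False
    adj = {n: set() for n in nodes}
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:
        for nb in adj[stack.pop()]:
            if nb not in seen:
                seen.add(nb)
                stack.append(nb)
    return seen == nodes


def mine_maximal_frequent_subgraphs(family: List[Graph], min_support: float) -> List[Graph]:
    """Level-wise growth: every frequent connected pattern of k edges is
    extended by one frequent edge; support is anti-monotone, so candidates
    below min_support are pruned. Every connected graph has an edge whose
    removal keeps it connected, so requiring connectivity at each level
    loses no pattern. A frequent pattern is maximal if no frequent pattern
    strictly contains it. Worst case is exponential in the edge count."""
    all_edges = sorted({e for g in family for e in g})
    freq_edges = [e for e in all_edges if support(frozenset([e]), family) >= min_support]
    level = {frozenset([e]) for e in freq_edges}
    frequent = set(level)
    while level:
        nxt = set()
        for pat in level:
            for e in freq_edges:
                cand = pat | {e}
                if e in pat or cand in nxt or not is_connected(cand):
                    continue
                if support(cand, family) >= min_support:
                    nxt.add(cand)
        frequent |= nxt
        level = nxt
    maximal = [p for p in frequent if not any(p < q for q in frequent)]
    return sorted(maximal, key=lambda p: (-len(p), sorted(p)))


def matches_family(target: Graph, patterns: List[Graph]) -> bool:
    """Attribute `target` to the family if it contains any mined pattern."""
    return any(p <= target for p in patterns)


def graph_count_reduction(family: List[Graph], patterns: List[Graph]) -> float:
    """Share of graphs no longer needed at match time (the paper reports 82%)."""
    return 1.0 - len(patterns) / len(family)


if __name__ == "__main__":
    pats = mine_maximal_frequent_subgraphs(FAMILY, 0.6)
    for p in pats:
        print(f"support={support(p, FAMILY):.2f} edges={sorted(p)}")
    print("reduction:", graph_count_reduction(FAMILY, pats))
    print("new variant matches:", matches_family(CORE | {("x", "y")}, pats))
```

With min_support 0.6 the miner keeps the four-edge core (support 1.0) and the two-edge beacon (support 0.6) and drops the WinINet pair (support 0.4); lowering the threshold to 0.4 admits it as a third pattern, which is the support trade-off behind the paper's choice of 0.045. The unique-label assumption is what makes `p <= target` a valid containment test; real BDGs with repeated API nodes need a proper subgraph-isomorphism check (VF2 or similar) in both the support count and the match step.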

       

