Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications, 2019, Vol. 42, Issue 4: 89-95. doi: 10.13190/j.jbupt.2018-318

• Research Report •

A Malicious Code Detection Method Based on Ensemble Learning of Behavior

胥小波 (1,2), 张文博 (1), 何超 (1), 罗怡 (1)

  1. 1. 中国电子科技网络信息安全有限公司, 成都 610041;
    2. 中国电子科技集团公司第三十研究所, 成都 610041
  • 收稿日期:2018-12-22 出版日期:2019-08-28 发布日期:2019-08-26
  • 作者简介:胥小波(1985-),男,博士,E-mail:xxb0620@163.com.

A Malicious Code Detection Method Based on Ensemble Learning of Behavior

XU Xiao-bo (1,2), ZHANG Wen-bo (1), HE Chao (1), LUO Yi (1)

  1. China Electronics Technology Cyber Security Company Limited, Chengdu 610041, China;
  2. China Electronic Technology Group Corporation Thirtieth Research Institute, Chengdu 610041, China
  • Received: 2018-12-22 Online: 2019-08-28 Published: 2019-08-26

Abstract (from the Chinese): To address the analysis of variant malicious code and the behavior of unknown threats, a malicious code classification method based on gradient boosting decision trees is studied. It learns program behavior features and instruction sequence features from a large number of samples and realizes intelligent malicious code classification. Introducing the GBDT algorithm into malicious code detection makes the behavior sequences in the model's results interpretable and greatly improves the ability to detect malicious code. The GBDT algorithm objectively reflects the essential behavior and intent of malicious code and can identify it accurately.

Key words (from the Chinese): malicious code, unknown threat, gradient boosting decision tree, behavior features

Abstract: To address variant malicious code and the behavior analysis of unknown threats, a malware classification method based on the gradient boosting decision tree (GBDT) algorithm is studied. It learns code behavior characteristics and instruction sequence characteristics from a large number of samples and realizes intelligent malicious code classification. Introducing the GBDT algorithm into the field of malicious code detection makes the behavior sequences produced by the model interpretable and significantly improves the ability to detect malicious code. The GBDT algorithm objectively reflects the nature of the behavior and intent of malicious code and identifies malicious code accurately.

Key words: malicious code, unknown threat, gradient boosting decision tree, behavior characteristics

CLC number: