
An entropy-based distance measure for analyzing and detecting metamorphic malware

Abstract

Metamorphic malware is malware that evades signature-based anti-virus software by changing its internal structure with each infection. This paper first introduces a new measure of distance between two computer programs, the program dissimilarity measure based on entropy (PDME), and then derives from it a measure of the degree of metamorphism. The distance is defined in terms of the entropy of the two programs. The paper also shows that the distance can be used to classify metamorphic malware with the K-Nearest Neighbors (KNN) method. The method is evaluated on four metamorphic malware families. The results demonstrate that the measure indicates the degree of metamorphism efficiently, and that KNN classification using PDME classifies metamorphic malware with high precision.
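The following is an added example, not code from the paper, showing the shape of the pipeline the abstract describes: an entropy-based distance between two program images, a degree-of-metamorphism score derived from it, and a KNN classifier that votes over that distance. The page does not state how PDME is defined, so the distance used here is an assumed stand-in: the Jensen-Shannon divergence between the byte distributions of the two programs, which is also computed from entropies (H(M) - (H(P) + H(Q))/2 with M the averaged distribution). The "families" are constructed byte strings, and the three transforms (garbage insertion, block permutation, instruction substitution) are toy versions of real metamorphic engine tricks; all family names and helper names are illustrative.

```python
"""Entropy-based program dissimilarity plus KNN over metamorphic variants.

Added example. The distance is an assumed stand-in for the paper's PDME:
Jensen-Shannon divergence of byte-value distributions, in bits, range [0, 1].
"""
import math
from collections import Counter
from typing import Dict, List, Tuple


def byte_distribution(code: bytes) -> Dict[int, float]:
    """Relative frequency of each byte value in a program image."""
    counts = Counter(code)
    total = len(code)
    return {b: n / total for b, n in counts.items()}


def entropy(dist: Dict[int, float]) -> float:
    """Shannon entropy (bits) of a byte-value distribution."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def pdme(a: bytes, b: bytes) -> float:
    """Entropy-based dissimilarity (assumed definition: Jensen-Shannon divergence).

    0 means identical byte distributions; 1 means disjoint byte alphabets.
    """
    p, q = byte_distribution(a), byte_distribution(b)
    m = {k: (p.get(k, 0.0) + q.get(k, 0.0)) / 2 for k in set(p) | set(q)}
    return entropy(m) - (entropy(p) + entropy(q)) / 2


def degree_of_metamorphism(variants: List[bytes]) -> float:
    """Mean pairwise dissimilarity among the variants of one family."""
    pairs = [(i, j) for i in range(len(variants)) for j in range(i + 1, len(variants))]
    return sum(pdme(variants[i], variants[j]) for i, j in pairs) / len(pairs)


def knn_classify(query: bytes, labelled: List[Tuple[str, bytes]], k: int = 3) -> str:
    """Majority vote over the k training samples nearest to `query` under pdme."""
    nearest = sorted(labelled, key=lambda item: pdme(query, item[1]))[:k]
    return Counter(label for label, _ in nearest).most_common(1)[0][0]


# Toy metamorphic transforms (constructed for this example).
def insert_nops(code: bytes, every: int) -> bytes:
    """Garbage insertion: a NOP (0x90) after every `every` bytes."""
    out = bytearray()
    for i, byte in enumerate(code, 1):
        out.append(byte)
        if i % every == 0:
            out.append(0x90)
    return bytes(out)


def reorder_blocks(code: bytes, block: int) -> bytes:
    """Block permutation: reverse the order of fixed-size blocks."""
    blocks = [code[i:i + block] for i in range(0, len(code), block)]
    return b"".join(reversed(blocks))


def substitute(code: bytes, old: bytes, new: bytes) -> bytes:
    """Instruction substitution: swap one encoding for an equivalent one."""
    return code.replace(old, new)


# Constructed sample "programs": a 16-byte x86-like fragment repeated 8 times.
FAMILY_A = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x89, 0x45,
                  0xFC, 0xE8, 0x00, 0x00, 0x00, 0x00, 0xC9, 0xC3]) * 8
FAMILY_B = bytes([0x31, 0xC0, 0x0F, 0xB6, 0x04, 0x0E, 0x84, 0xC0,
                  0x74, 0x05, 0x41, 0xEB, 0xF5, 0x5D, 0xC3, 0x90]) * 8

FAMILIES: Dict[str, List[bytes]] = {
    "A": [FAMILY_A, reorder_blocks(FAMILY_A, 16), insert_nops(FAMILY_A, 4),
          substitute(FAMILY_A, b"\x8b\xec", b"\x89\xe5")],  # mov ebp,esp re-encoded
    "B": [FAMILY_B, reorder_blocks(FAMILY_B, 16), insert_nops(FAMILY_B, 4),
          substitute(FAMILY_B, b"\x31\xc0", b"\x29\xc0")],  # xor eax,eax -> sub eax,eax
}
TRAINING = [(label, v) for label, variants in FAMILIES.items() for v in variants]


def classify_unseen_variants() -> Dict[str, str]:
    """Classify two held-out variants built with transform mixes not in TRAINING."""
    queries = {
        "A": insert_nops(reorder_blocks(FAMILY_A, 16), 8),
        "B": substitute(insert_nops(FAMILY_B, 4), b"\x31\xc0", b"\x29\xc0"),
    }
    return {truth: knn_classify(q, TRAINING) for truth, q in queries.items()}


if __name__ == "__main__":
    for name, variants in FAMILIES.items():
        print(f"family {name}: degree of metamorphism = {degree_of_metamorphism(variants):.3f}")
    print(f"cross-family distance = {pdme(FAMILY_A, FAMILY_B):.3f}")
    print(f"block permutation only: {pdme(FAMILY_A, reorder_blocks(FAMILY_A, 16)):.3f}")
    print("held-out classification:", classify_unseen_variants())
```

Two things worth noticing when running it. Within-family distances stay well below the cross-family distance (0.9375 bits here, because the two constructed alphabets share only the 0xC3 byte), which is what lets a small k give a clean vote. And a pure block permutation scores exactly 0: any measure built on the byte distribution alone is order-invariant, so it is immune to reordering engines but equally blind to them; garbage insertion and substitution are what actually move the score.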
