Method of unknown virus detection based on analysis of Win32 API behaviors

Computer Engineering and Applications ›› 2011, Vol. 47 ›› Issue (27): 119-121.

• 网络、通信、安全 • Previous Articles Next Articles

Method of unknown virus detection based on analysis of Win32 API behaviors

LIU Shuai1，WU Yanxia1，MA Chunguang1，GU Guochang1，LONG Qin2

1.College of Computer Science and Technology，Harbin Engineering University，Harbin 150001，China
2.Intel Asia-Pacific Research & Development Ltd，Shanghai 200241，China

Received:1900-01-01 Revised:1900-01-01 Online:2011-09-21 Published:2011-09-21

采用Win32 API相关行为分析的未知病毒检测方法

刘帅1，吴艳霞1，马春光1，顾国昌1，龙勤2

1.哈尔滨工程大学计算机科学与技术学院，哈尔滨 150001
2.英特尔亚太研发有限公司，上海 200241

Abstract

Abstract: In view of the current behavior-based unknown virus detection methods need to run executable programs and can’t detect static virus such as dropper，the static method based on Win32 API behaviors for detecting unknown virus is proposed.Firstly parsing PE files to extract the sensitive Win32 API calls，then classifying the API functions based on malicious behavior and conducting a fixed dimension characteristic behavior vector into a database.With the feature extraction method of minimizing discriminant entropy，the redundant feature items are reduced，finally the improved K-Nearest Neighbor（KNN） algorithm is used to classify.The experiment results show that the method has a high hit rate and lower missing rate，suitable for unknown virus detection in Cloud Security system.

Key words: unknown virus detection, feature extraction, K-Nearest Neighbor（KNN） algorithm, reduce feature item

摘要： 针对目前基于行为分析的未知病毒检测方法需要运行可执行程序，无法检测出以静态形式存在计算机中的滴管等病毒的问题，提出了一种基于Win32 API相关行为检测PE未知病毒的方法。首先解析PE文件提取其调用的敏感Win32 API函数，然后将这些API函数按相关的恶意行为分类并形成维数固定的特征行为向量存入数据库。采用基于判别熵最小化的特征提取法自适应的精简特征项，最后利用改进的K-最近邻算法进行分类。实验结果表明，该方法具有较高的命中率和较低的漏判率，适用于“云安全”系统中未知病毒的检测。

关键词: 未知病毒检测, 特征提取, K-最近邻算法, 精简特征项

LIU Shuai1，WU Yanxia1，MA Chunguang1，GU Guochang1，LONG Qin2. Method of unknown virus detection based on analysis of Win32 API behaviors[J]. Computer Engineering and Applications, 2011, 47(27): 119-121.

刘帅1，吴艳霞1，马春光1，顾国昌1，龙勤2. 采用Win32 API相关行为分析的未知病毒检测方法[J]. 计算机工程与应用, 2011, 47(27): 119-121.

[1]	BAO Zhiqiang, XING Yu, LYU Shaoqing, HUANG Qiongdan. Improved YOLO V2 6D Object Pose Estimation Algorithm [J]. Computer Engineering and Applications, 2021, 57(9): 148-153.
[2]	XU Degang, WANG Lu, LI Fan. Review of Typical Object Detection Algorithms for Deep Learning [J]. Computer Engineering and Applications, 2021, 57(8): 10-25.
[3]	HU Wentao, CHEN Xiuhong. Low-Rank Projection Learning Based on Neighbor Graph [J]. Computer Engineering and Applications, 2021, 57(7): 209-214.
[4]	ZHANG Xiaoli, ZHANG Kuixing, JIANG Mei, WEI Benzheng, CONG Jinyu. Review of Image Classification Technology for Lymphoma [J]. Computer Engineering and Applications, 2021, 57(6): 1-9.
[5]	LEI Henglin, Gulanbaier Tuerhong, Mairidan Wushouer, ZHANG Dongmei. Review of Novelty Detection [J]. Computer Engineering and Applications, 2021, 57(5): 47-55.
[6]	XIONG Jian, QIN Renchao, HE Mengyi, LIU Jianlan, TANG Fengyang. Application of Improved Random Forest Algorithm in Android Malware Detection [J]. Computer Engineering and Applications, 2021, 57(3): 130-136.
[7]	LI Longlong, HE Dongjian, WANG Meili. Study of Plant Leaf Image Recognition Based on Improved Local Binary Pattern Algorithm [J]. Computer Engineering and Applications, 2021, 57(19): 228-234.
[8]	LI Jie, LI Miao, YUAN Xiguo. Detection Algorithm?of Pathogenic Microbes from Next-Generation Sequencing Data [J]. Computer Engineering and Applications, 2021, 57(19): 282-289.
[9]	GUO Hengguang, LIU Wenbiao, YU Renbo. Shape Feature Extraction Using Spike Function [J]. Computer Engineering and Applications, 2021, 57(18): 220-226.
[10]	LI Zhenqiang, WANG Shucai, ZHAO Shida, BAI Yu. Cutting Methods of Sheep’s Trunk Based on Improved DeepLabv3+ and XGBoost [J]. Computer Engineering and Applications, 2021, 57(18): 263-269.
[11]	LIU Xingchen, JIA Juncheng, ZHANG Li, HU Qinhan. Feature Concentration Network for Image Super-Resolution [J]. Computer Engineering and Applications, 2021, 57(16): 213-219.
[12]	GUANG Ruizhi, AN Bowen, PAN Shengda. Channel Ship Detection Algorithm for Aerial Image Based on Anchor-Free Network [J]. Computer Engineering and Applications, 2021, 57(15): 251-258.
[13]	ZHOU Xiaojing, CHEN Junhong, YANG Zhenguo, LIU Wenyin. Manipulation Action Recognition Based on Gesture Feature Fusion [J]. Computer Engineering and Applications, 2021, 57(14): 169-175.
[14]	YUE Qi, XU Zhongliang, GUO Jifeng. Sparse Feature Extraction Method for Mixed Instruments Music Analysis [J]. Computer Engineering and Applications, 2021, 57(14): 181-186.
[15]	CHEN Guihui, CHEN Wu, LI Zhongbing, YI Xin, LIU Huikang, HAN Chunyang. Image Super Resolution Reconstruction Based on Residual Convolution Attention Network [J]. Computer Engineering and Applications, 2021, 57(12): 193-200.

Method of unknown virus detection based on analysis of Win32 API behaviors

采用Win32 API相关行为分析的未知病毒检测方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics