Computer Engineering and Applications ›› 2018, Vol. 54 ›› Issue (21): 20-24.DOI: 10.3778/j.issn.1002-8331.1808-0098
Previous Articles Next Articles
LIU Pengrui, SONG Lipeng
Online:
Published:
刘鹏睿,宋礼鹏
Abstract: This paper proposes an efficient dimension reduction method to avoid the curse of dimensionality caused by using the N-gram model to identify malicious JavaScript. The method uses the TF-IDF-like model to calculate respectively the weight of features in normal samples and malicious samples, and carries out dimension reduction based on the difference feature weight. Based on many recognition algorithms, this paper compares the proposed method with the dimension reduction method based on Principal Component Analysis(PCA). The experimental results demonstrate two conclusions. Firstly, the recognition effect of the proposed method is better than that of PCA at the same feature dimension. Secondly, when the reserved dimension exceeds a certain threshold, with the increase of the reserved dimension, the growth rate of time cost is much lower than PCA.
Key words: dimension reduction, TF-IDF-like model, different weight of features, JavaScript, Principal Component Analysis(PCA)
摘要: 针对将JavaScript代码N-gram处理后识别算法特征维度较高的问题,提出一种高效的降维方法。该方法利用TF-IDF-like模型分别计算特征在正常样本和恶意样本中的权重,基于特征权重在两类样本中的差异度进行降维。基于多个识别算法,将提出的降维方法与基于主成分分析(Principal Component Analysis,PCA)的降维方法进行比较,实验结果表明:当识别算法维度相同时,基于本文所给降维方法的识别算法在识别效果方面优于基于PCA的识别算法;当降维后识别算法的维度超过某个阈值时,随着识别算法维度的增长,本降维方法的时间开销增长速率远低于PCA方法。
关键词: 降维, TF-IDF-like模型, 特征差异度, JavaScript, 主成分分析(PCA)
LIU Pengrui, SONG Lipeng. Using dimension reduction approach to identify malicious JavaScript[J]. Computer Engineering and Applications, 2018, 54(21): 20-24.
刘鹏睿,宋礼鹏. 针对恶意JavaScript识别的降维方法[J]. 计算机工程与应用, 2018, 54(21): 20-24.
0 / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://cea.ceaj.org/EN/10.3778/j.issn.1002-8331.1808-0098
http://cea.ceaj.org/EN/Y2018/V54/I21/20