Journal
DIGITAL INVESTIGATION
Volume 27, Issue -, Pages 30-37
Publisher
ELSEVIER SCI LTD
DOI: 10.1016/j.diin.2018.09.006
Keywords
Dynamic analysis; Hardware features; Memory dump; Malware classification
Funding
- National Natural Science Foundation of China [61571364]
- Shaanxi Provincial Natural Science Foundation [2017JM6037]
Effective analysis of malware is of great significance in guaranteeing the reliability of system operation. Malware can easily evade existing dynamic analysis methods. To address the deficiencies of current methods for detecting malware dynamically, a method using hardware features is proposed: a memory dump file is extracted and converted into a grayscale image, the image is resized to a fixed size, image features are extracted using histogram of gradient, and a currently popular classifier algorithm is used to classify the malware. Experiments are conducted using actual malware samples, and the effectiveness of using memory dump file images is verified. This method is superior to the recently proposed hardware performance counter detection method. (C) 2018 Elsevier Ltd. All rights reserved.