http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
A Novel Information Fusion Model for Assessment of Malware Threat
Chao Dai,Jianmin Pang,Xiaochuan Zhang,Guanghui Liang,Hong Bai 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.5
It is not only important for security analysts to judge some binary code is malicious or not, but also to understand the malware “what to do” and “what’s the impact it posed on our information system”. In this paper, we proposed a novel information fusion model to quantitate the threat of malware. The model consists of three levels: the decision making level information fusion, the attribute level information fusion and the behavior level information fusion. These three levels portray special characteristics of malware threat distributed in the assessment model. Combined with the static analysis technology and real-time monitor technology, we implemented a framework of malware threat assessment. The experiment demonstrates that our information fusion model for malware threat assessment is effective to quantitate the threat of malware in accuracy and differentiation degree. In the end, we discussed several issues that could improve the performance of the model.
A Detection Framework of Malicious Code Based on Multi-Classifiers Ensemble
Chao Dai,Jianmin Pang,Feng Yue,Pingfei Cui,Di Sun,Liang Zhu 보안공학연구지원센터 2016 International Journal of Security and Its Applicat Vol.10 No.6
Malicious code detection is one of the important missions of malicious code analysis. Current researches on the detection of malicious code mostly focused on single classifier, whereas the single classifier is not suitable for the detection based on features of different types. We utilized multi-classifiers ensemble based on fuzzy integral to improve the accuracy of the detection framework. A framework based on the Choquet fuzzy integral was proposed to fuse the analysis results of the base classifiers with different features. And the genetic algorithm was used to obtain the fuzzy measure. Finally, the result of Choquet fuzzy integral was compared to a threshold predefined to determine the maliciousness of binary code. Experiment showed that the framework proposed in this paper could be used to determine the maliciousness of binary code more accurately.