Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology

LI Peng; WANG Ru-chuan; GAO De-hua

doi:10.3969/j.issn.0372-2112.2012.01.019

您当前的位置：

首页 >

文章列表页 >

Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology

更新时间：2025-07-16

- Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology
- Acta Electronica Sinica Vol. 40, Issue 1, Pages: 115-120(2012)
- 作者机构：
  
  1. 南京邮电大学计算机学院,江苏,南京,210003
  2. 江苏省无线传感网高技术研究重点实验室,江苏,南京,210003
  3. 宽带无线通信与传感网技术教育部重点实验室,江苏,南京,210003
  4. 南京邮电大学计算机学院江苏南京,210003
  5. 江苏省无线传感网高技术研究重点实验室江苏南京,210003
  6. 宽带无线通信与传感网技术教育部重点实验室江苏南京,210003
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2012.01.019
  CLC： TP393.08
- Published：2012
- 稿件说明：
移动端阅览
LI Peng, WANG Ru-chuan, GAO De-hua. Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology[J]. Acta Electronica Sinica, 2012, 40(1): 115-120.
DOI：

LI Peng, WANG Ru-chuan, GAO De-hua. Research on Rootkit Dynamic Detection Based on Fuzzy Pattern Recognition and Support Virtual Machine Technology[J]. Acta Electronica Sinica, 2012, 40(1): 115-120. DOI： 10.3969/j.issn.0372-2112.2012.01.019.

摘要

针对Rootkit恶意代码动态检测技术进行研究.总结出典型Rootkit恶意程序动态行为所调用的系统API函数.实时统计API调用序列生成元并形成特征向量

通过模糊隶属函数和模糊权向量

采用加权平均法得到模糊识别的评估结果;基于层次的多属性支持向量机分析法构建子任务;基于各个动态行为属性的汉明距离定位Rootkit的类型.提出的动态检测技术提高了自动检测Rootkit的准确率

也可以用于检测未知类型恶意代码.

Abstract

Dynamic detection technology of Rootkit malicious code has been studied.It summarizes typical dynamic system API functions which are called by Rootkit malicious codes.It extracts behavioural characters of the typical system API functional series accompany with the running of malicious code

forms feature vectors by counting up the generating elements important degree of system call series

uses fuzzy membership function and normalization fuzzy weights vector

and comes to the fuzzy pattern recognition conclusion with the use of weighted averaging method.It exactly locates the types of Rootkit malicious code based on the analysis method of layered multi-attributes support virtual machine

according to the subtasks constructed by the independent API system call behaviours

and with the calculation of hamming distance of dynamic behaviour properties.Experiments indicates the proposed dynamic detection method of combining fuzzy pattern recognition with support virtual machine technology not only improves the accuracy rate of Rootkit automatic detection but also has the ability of detecting the previous unknown type malicious code.

关键词

Keywords

references

Views

1191

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Survey of Zero Trust Management for Large-Scale Internet of Things

Conditional Context-Aware Detection for Android Malicious Virtualization Apps

Malware Classification Method Based on Improved CNN

A Fast Malicious Code Detection Method Based on Feature Fusion

Research on Modeling of Latent Virus Propagation Behavior with Increasing or Decreasing Network Nodes

Related Author

XING Fang-yuan

DONG Ao

SUN Yu-yi

TONG Fei

HE Shi-bo

CHENG Guang

MENG Zhao-yi

HUANG Wen-chao

Related Institution

School of Cyber Science and Engineering, Southeast University

School of Information Science and Technology, Hangzhou Normal University

College of Control Science and Engineering, Zhejiang University

School of Computer Science and Technology， Anhui University

School of Computer Science and Technology， University of Science and Technology of China

⁰