
Journal of University of Chinese Academy of Sciences ›› 2010, Vol. 27 ›› Issue (2): 267-274. DOI: 10.7523/j.issn.2095-6134.2010.2.019


A technique for detecting malicious documents based on calculation of vector spaces

LI Wei¹, SU Pu-Rui², SHI Yun-Feng³

  1. Graduate University of the Chinese Academy of Sciences, Beijing 100049, China;
  2. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China;
  3. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
  • Received: 2009-08-04 Revised: 2009-12-01 Published: 2010-03-15

Abstract:

Through a comprehensive analysis of the attack methods, composition structure, and attack code of malicious documents, we present a detection method based on mathematical statistics and vector space computation, and make targeted improvements for typical deformation techniques. We tested 119 documents with this algorithm, and the results show that, compared with conventional detection software, it has some advantage in both the missed-detection rate and the false alarm rate for malicious documents.

Key words: malicious document, mathematical statistics, vector space
