信息安全研究 (Journal of Information Security Research) ›› 2016, Vol. 2 ›› Issue (4): 367-371.

• Technical Applications •

Research on Malware Detection Technology Based on System Calls (基于系统调用的恶意软件检测技术研究)

Feng Yaling (冯亚玲)

  1. College of Electronics and Information Engineering, Sichuan University
  • Received: 2016-04-14 Online: 2016-04-15 Published: 2016-04-14
  • Corresponding author: Feng Yaling
  • About the author: Master's student; main research interest is malicious code detection. feng_yal@163.com

Research on Malware Detection Technology Based on System Call

  • Received:2016-04-14 Online:2016-04-15 Published:2016-04-14

Abstract (translated): Exploiting the fact that different malware samples implement the same functionality through specific system-call sequences, this paper presents a feature extraction method based on malware behaviour sequences and applies machine learning to malware detection. The CBOW model is used as the feature extraction method, and feature frequency and information gain are considered jointly so that effective features are selected more accurately, which improves detection performance. Experimental results show that the method effectively improves the malware detection rate and accuracy.

Keywords: system call, machine learning, CBOW model, feature selection, information gain

Abstract: Different malware samples implement the same functionality through specific system-call sequences. Building on this characteristic, a feature extraction method based on malware behaviour sequences is given, and machine learning is used to detect malware. System-call sequences carry both human-understandable functional information and the actual execution conditions of a program, which makes them well suited to malware analysis: malicious behaviour and its characteristics can be recovered from the functional information, and detection or classification can be performed by analysing either the whole sequence or local parts of it. This paper proposes an approach that applies the CBOW model to system-call sequences to extract malware behavioural signatures and detect malware. A new notion of a system API call characteristic set for malicious code is introduced, with CBOW as the feature extraction method and with feature frequency and information gain considered jointly for feature selection. A prototype system is evaluated on multiple malware samples. Experimental results show that the proposed method effectively improves the detection rate and accuracy of malware detection.
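The abstracts above describe the selection step (keep system-call features that are both frequent and high in information gain) but not how it is computed. The following is an added example written for this page, not the paper's code: it builds system-call n-gram features from constructed traces, applies a document-frequency threshold followed by information-gain ranking, and trains a small Bernoulli naive Bayes detector on the selected features. The CBOW embedding step of the paper is deliberately replaced by plain n-gram presence features so that the example runs with the standard library only; the `Nt*` call names and labels are constructed and illustrative, not real captures.

```python
"""Frequency-threshold + information-gain feature selection over system-call
n-grams, followed by a Bernoulli naive Bayes detector (added example; not the
paper's implementation, and n-gram presence stands in for the paper's CBOW step)."""
import math
from collections import Counter

# Constructed sample traces: (system-call sequence, label), 0 = benign, 1 = malicious.
# The call names are illustrative Windows native API names used only as tokens.
TRACES = [
    (["NtOpenFile", "NtReadFile", "NtClose", "NtOpenFile", "NtReadFile", "NtClose"], 0),
    (["NtCreateFile", "NtWriteFile", "NtClose", "NtQueryInformationFile"], 0),
    (["NtOpenKey", "NtQueryValueKey", "NtClose", "NtOpenFile", "NtReadFile"], 0),
    (["NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx", "NtClose"], 1),
    (["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx"], 1),
    (["NtOpenKey", "NtSetValueKey", "NtClose", "NtCreateFile", "NtWriteFile"], 1),
]


def ngrams(seq, n):
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def extract_features(seq, max_n=2):
    """Set of 1..max_n-grams present in one trace (presence, not count)."""
    feats = set()
    for n in range(1, max_n + 1):
        feats.update(ngrams(seq, n))
    return feats


def build_docs(traces, max_n=2):
    return [(extract_features(seq, max_n), label) for seq, label in traces]


def entropy(counts):
    total = sum(counts.values())
    if not total:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)


def information_gain(docs, feature):
    """IG(feature) = H(label) - H(label | feature present / absent)."""
    n = len(docs)
    h_label = entropy(Counter(label for _, label in docs))
    present = Counter(label for feats, label in docs if feature in feats)
    absent = Counter(label for feats, label in docs if feature not in feats)
    h_cond = sum(sum(part.values()) / n * entropy(part) for part in (present, absent))
    return h_label - h_cond


def select_features(docs, min_freq=2, top_k=6):
    """Frequency threshold first (drop rare n-grams), then rank the survivors by IG.
    Ties are broken by document frequency, then shorter n-grams, then name."""
    df = Counter()
    for feats, _ in docs:
        df.update(feats)
    candidates = [f for f, c in df.items() if c >= min_freq]
    candidates.sort(key=lambda f: (-round(information_gain(docs, f), 9), -df[f], len(f), f))
    return candidates[:top_k]


class BernoulliNB:
    """Naive Bayes over binary presence of the selected n-grams, Laplace-smoothed."""

    def __init__(self, features, alpha=1.0):
        self.features, self.alpha = features, alpha

    def fit(self, docs):
        self.n = len(docs)
        self.prior = Counter(label for _, label in docs)
        self.cond = {}
        for label, count in self.prior.items():
            subset = [feats for feats, lab in docs if lab == label]
            self.cond[label] = {
                f: (sum(1 for feats in subset if f in feats) + self.alpha) / (count + 2 * self.alpha)
                for f in self.features
            }
        return self

    def predict(self, feats):
        best, best_score = None, -math.inf
        for label, count in self.prior.items():
            score = math.log(count / self.n)
            for f in self.features:
                p = self.cond[label][f]
                score += math.log(p if f in feats else 1.0 - p)
            if score > best_score:
                best, best_score = label, score
        return best


def train(traces, min_freq=2, top_k=6):
    docs = build_docs(traces)
    return BernoulliNB(select_features(docs, min_freq, top_k)).fit(docs)


def classify(model, seq):
    return model.predict(extract_features(seq))


if __name__ == "__main__":
    model = train(TRACES)
    print("selected:", model.features)
    print(classify(model, ["NtOpenProcess", "NtAllocateVirtualMemory",
                           "NtWriteVirtualMemory", "NtCreateThreadEx", "NtClose"]))
```

On these six traces `NtClose` appears in almost every trace and so scores low IG even though it is frequent, while the memory-injection calls and `(NtOpenFile, NtReadFile)`-style bigrams score high; that is the effect the frequency-plus-IG combination is meant to produce. On real data the threshold and `top_k` must be tuned on a held-out set, and presence-of-n-gram features are known to be evadable by mimicry (padding a malicious sequence with benign calls), which is one reason to keep the sequence-aware representation the paper uses rather than only the bag of n-grams shown here.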

Key words: system call, machine learning, cbow, feature selection, information gain