Considering the fact that the determination of the executable file maliciousness is hard to achieve, an approach based on the evidence theory is presented in this paper. First, a model for determining the maliciousness is established. Then characters compromising security are extracted to construct the set of program behaviors through decompiling the program. The model is trained using the BP neural network to gain the basic probability assignment functions (BPAF) of each behavior, and the weighted sum method is applied to combine the program behaviors, determining the executable file maliciousness. Experimental results demonstrate the validity of the approach which uses the evidence theory to determine the maliciousness of program.%针对可执行程序恶意性难以判定的情况,提出一种基于证据推理的程序恶意性判定方法.首先,建立程序恶意性判定模型;然后,通过对程序进行反编译,抽取影响程序安全性的特征,建立程序行为集合;使用BP神经网络对模型进行训练得到各个行为的概率分配函数BPAF(basic probability assignment functions),并使用加权和形式的合成法则对程序行为进行合成;最后,实现对程序恶意性的判定.实验结果表明了该方法的有效性.
展开▼
