关键词: 计算机病毒 支持向量机 病毒检测

Abstract:

Since the first computer virus was found, scanning detection has been used as a primary method in virus detection systems. As viruses become more comp lex and sophisticated, the scanning detection method is no longer able to detect the various forms of malicious code effectively. We explore the idea of automatically detecting viruses based on Support Vec- tor Machine （SVM） and not strictly dependent on certain viruses. By utilizing SVM, the generali izing ability of virus detection systems is still good when the sample size is small An experiment using the system API function call trace is given to  illustrate the performance of this method. Finally, the comparison of detection abilities between the above detection method and others is given. Eviden ce shows that the sequences of the operating system API function calls executed by the running programs are a good discriminator between benign and malicious PE files, the detection system based on SVM needs less priori knowledge than other methods, and can shorten the training time under the same detection performance condition.

Key words: computer virus, support vector machine, virus detection