CAJ | 학술논문

针对定长的指令序列特征维数过高且存在分割特征的问题，本文提出了一种基于变长指令序列与粗糙集属性约简的恶意代码检测技术，采用变长的指令序列可以有效解决特征分割的问题，同时为了有效降低特征规模，只考虑常用的13个指令所构成的指令序列，然后利用粗糙集理论进行冗余特征约简，实验最终获得特征维数非常低并且相对定长的指令序列而言，其分类精度更高，漏报率更低。
침대정장적지령서렬특정유수과고차존재분할특정적문제，본문제출료일충기우변장지령서렬여조조집속성약간적악의대마검측기술，채용변장적지령서렬가이유효해결특정분할적문제，동시위료유효강저특정규모，지고필상용적13개지령소구성적지령서렬，연후이용조조집이론진행용여특정약간，실험최종획득특정유수비상저병차상대정장적지령서렬이언，기분류정도경고，루보솔경저。
In order to solve the problems of increase and separation features in fixed-length Opcode sequences,we propose a malware detection techniques base on variable-length Opcode sequences and rough set attribute reduction theory,using vaiable-length Opcode sequences can effectively solve the problem of separation features, and in order to effectively reduce the scale of features, we only consider the Opcode sequences which composed of the commonly used 13 instruction , afterwards we use rough set theory to reduct its, at last we get the features dimension is very low and contrast to fixed-length sequence of instructions, we get th higher classification accuracy, and false negative rate is lower from experiments ultimately.