Computer Engineering (计算机工程)
2014, Issue 12
pp. 104-107, 113 (5 pages in total)
Keywords: malicious code; Gaussian Mixture Model (GMM); K-L Divergence (KLD); model clustering; information gain; document frequency
Abstract: In cloud computing environments, service systems are growing more complex and network security vulnerabilities and attacks are increasing rapidly, so traditional malicious code detection techniques and protection models can no longer meet the requirements of cloud storage environments. This paper introduces the Gaussian Mixture Model (GMM) to build a layered detection mechanism for malicious code, uses information gain and document frequency to analyze and extract feature values from the sample data, and, drawing on the properties of K-L Divergence (KLD), proposes a KLD-based model clustering method for detecting malicious code. The method can improve the malicious code detection rate and accuracy compared with other methods. The KDDCUP99 data set is used, with data preprocessing and cluster analysis carried out in the Weka open-source software. Experimental results show that, when information gain and document frequency are combined for feature analysis, the proposed method reduces the average malicious code detection time by 16.6% compared with the Bayes algorithm and raises the average malicious code detection rate by 1.05% in a virtual environment.