
Research On Cloud Security Analysis Methods Aiming At Malicious Code Recognition

Posted on: 2021-02-20
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Wang
GTID: 2518306047498904
Subject: Computer Science and Technology
Abstract/Summary:
As cloud computing grows rapidly, cloud security is becoming increasingly important, and ensuring cloud security requires ensuring the security of the virtual machines in the cloud. In recent years, many studies have shown that the primary threat to virtual machine security comes from malicious code in virtual machines. The existence of malicious code makes virtual machines more vulnerable, which in turn puts cloud platform security at risk. Malicious code recognition, that is, analyzing suspicious code and identifying malicious code, is therefore a very important task in cloud security.

The methods of malicious code recognition can be classified into static and dynamic categories. Dynamic analysis needs to create a virtual environment in which to execute a variety of malicious code and observe its behavior; time and resource consumption is the main defect of dynamic analysis that cannot be ignored. Static analysis recognizes malicious code by analyzing the significant common characteristics of the malicious code without executing it. In contrast, static analysis has the advantages of simplicity and of needing no specific execution environment. Besides, it can protect the operating system. Therefore, this paper recognizes malicious code from the point of view of static analysis.

First, the paper selects operation code and binary byte code features to recognize malicious code. Many operation codes are redundant: they have no obvious characteristics that distinguish malicious code families, and they also increase the time overhead of opcode feature generation. So the paper proposes an N-gram feature extraction method based on operation code main block selection. To address the high dimension of malicious code features and the low recognition accuracy obtained with a single feature, a malicious code feature fusion method based on cascading SimHash is proposed for malicious code recognition. The method selects different SimHash functions for fusing the combined characteristics of malicious code to improve the accuracy of malicious code recognition.

Second, random forest uses simple voting to calculate the final classification result, thus ignoring the difference in classification capacity between decision trees, which could decrease the recognition accuracy. Therefore, the paper proposes an improved random forest cloud security analysis method based on weighted voting. The method uses out-of-bag samples to calculate the weight of each decision tree, distinguishing the ability of each decision tree and improving the recognition accuracy of the random forest.

Finally, the paper experimentally validates the proposed malicious code recognition method using different data sources. The experimental results show that the proposed method reduces the feature dimension and improves the recognition accuracy of malicious code.
Keywords/Search Tags: Cloud security, malicious code recognition, feature fusion, SimHash algorithm, Random Forest
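The weighted-voting idea in the abstract, as an added example that is not code from the thesis: each tree is weighted by its accuracy on its own out-of-bag samples, and the weighted vote is compared with the simple vote. The weight formula (plain out-of-bag accuracy), the function names and all sample data are assumptions constructed for illustration; the abstract does not give the thesis's exact formula.

```python
from collections import defaultdict

def oob_weights(oob_preds, labels):
    """Weight each tree by its accuracy on its own out-of-bag samples.

    oob_preds[t] maps sample index -> label predicted by tree t and holds
    only the samples that were NOT drawn into tree t's bootstrap sample.
    Assumption: weight = OOB accuracy (the thesis may use another formula).
    """
    weights = []
    for preds in oob_preds:
        if not preds:               # tree saw every sample: no OOB evidence
            weights.append(0.0)
            continue
        correct = sum(1 for i, p in preds.items() if labels[i] == p)
        weights.append(correct / len(preds))
    return weights

def weighted_vote(votes, weights):
    """Sum each tree's weight behind the label it voted for."""
    score = defaultdict(float)
    for label, w in zip(votes, weights):
        score[label] += w
    # Ties are broken deterministically by label name.
    return max(sorted(score), key=lambda k: score[k])

def simple_vote(votes):
    """Standard random-forest vote: every tree counts once."""
    return weighted_vote(votes, [1.0] * len(votes))

# Constructed data: true labels of six training samples.
LABELS = ["malicious", "malicious", "benign", "benign", "malicious", "benign"]
# Constructed out-of-bag predictions of five trees.
OOB_PREDS = [
    {0: "malicious", 2: "benign", 5: "benign"},     # 3/3 correct
    {1: "malicious", 3: "benign", 4: "malicious"},  # 3/3 correct
    {0: "benign", 3: "malicious", 5: "benign"},     # 1/3 correct
    {1: "benign", 2: "benign", 4: "benign"},        # 1/3 correct
    {2: "malicious", 4: "benign"},                  # 0/2 correct
]
# Constructed votes of the same five trees on one unseen sample.
VOTES = ["malicious", "malicious", "benign", "benign", "benign"]

if __name__ == "__main__":
    w = oob_weights(OOB_PREDS, LABELS)
    print("weights:", w)
    print("simple vote:  ", simple_vote(VOTES))
    print("weighted vote:", weighted_vote(VOTES, w))
```

On this data the three weakest trees outvote the two accurate ones under simple voting, while the out-of-bag weights reverse the result.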