
Research On The Detection Method Of Malicious Files In Airborne Information System

Posted on: 2020-10-27 | Degree: Master | Type: Thesis
Country: China | Candidate: Y J Huang
GTID: 2392330596994237 | Subject: Computer Science and Technology
Abstract/Summary:
The airborne information system serves as a bridge for information exchange between the airborne network and the external public network, and its information security is of great significance for ensuring flight safety. By analyzing the onboard operating system, the information system, the external interaction interface and the files that need to interact with the outside world, two file types in the airborne information system that are most vulnerable to external threats are identified: PDF files and Android software. To ensure the information security of the airborne information system, a malicious PDF file detection method and a malicious Android software detection method are proposed. The main work is as follows.

First, to speed up the detection of malicious PDFs and expand the detection range, a malicious PDF detection method based on composite features is proposed. The difference in information entropy between malicious and benign PDFs is used to separate suspicious PDF files from benign PDF files; structural features and JavaScript code features are extracted from the suspicious PDF files; and composite feature vectors composed of the two types of features are input into a C5.0 decision tree for classification, to distinguish normal PDFs from malicious PDFs. Compared with the classic JavaScript-based detection model PJScan and the classic structural-feature-based detection model PDFMS, the detection rate is 26.78% higher than PJScan's and the detection time is 390 s lower, while the false detection rate is 0.7% lower than PDFMS's and the detection time is 473 s lower.

Secondly, to deal with unknown malicious code and improve the detection rate of malicious Android software, a malicious feature detection method based on composite features is proposed. N-gram extraction is performed on the Dalvik instructions, and the N n-grams with the largest information gain are selected as Dalvik feature vectors; static analysis is then used to extract the permission, component and API features. The composite feature vectors composed of the four types of features are input into a C5.0 decision tree for classification, to distinguish normal APKs from malicious APKs. Compared with models such as DREBIN, the detection rate is 3.59% higher than DREBIN's, and the false detection rate is 1.3% lower.
Keywords/Search Tags:Airborne information system, PDF file, APK file, Malicious detection, C5.0 decision tree
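
The n-gram selection step the abstract describes for Dalvik instructions, sketched as an added example that is not code from the thesis. It assumes each n-gram is scored as a binary present/absent feature and uses n = 2; the opcode sequences, labels and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed opcode sequences (not from the thesis); label 1 = malicious, 0 = benign.
SAMPLES = [
    ["const-string", "invoke-virtual", "move-result", "return-void"],
    ["new-instance", "invoke-direct", "invoke-virtual", "return-void"],
    ["const-string", "invoke-static", "move-result-object", "invoke-virtual"],
    ["invoke-static", "move-result-object", "invoke-virtual", "return-void"],
]
LABELS = [0, 0, 1, 1]

def ngrams(opcodes, n):
    """Set of opcode n-grams present in one sample."""
    return {tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def entropy(labels):
    """Shannon entropy in bits of a list of class labels."""
    total = len(labels)
    if total == 0:
        return 0.0
    return -sum(c / total * math.log2(c / total) for c in Counter(labels).values())

def information_gain(present, labels):
    """H(labels) - H(labels | n-gram present?) for one binary feature."""
    with_f = [y for p, y in zip(present, labels) if p]
    without = [y for p, y in zip(present, labels) if not p]
    total = len(labels)
    cond = len(with_f) / total * entropy(with_f) + len(without) / total * entropy(without)
    return entropy(labels) - cond

def select_top_ngrams(samples, labels, n, top):
    """Score every n-gram in the corpus by information gain; keep the best `top`."""
    per_sample = [ngrams(s, n) for s in samples]
    vocab = set().union(*per_sample)
    scored = [(information_gain([g in ps for ps in per_sample], labels), g) for g in vocab]
    scored.sort(key=lambda t: (-t[0], t[1]))  # highest gain first, stable tie-break
    return scored[:top]

def vectorize(opcodes, selected, n):
    """Binary feature vector over the selected n-grams, ready for a classifier."""
    present = ngrams(opcodes, n)
    return [1 if g in present else 0 for _, g in selected]

if __name__ == "__main__":
    chosen = select_top_ngrams(SAMPLES, LABELS, n=2, top=2)
    for gain, gram in chosen:
        print(f"{gain:.3f}  {' '.join(gram)}")
    print(vectorize(SAMPLES[0], chosen, 2), vectorize(SAMPLES[3], chosen, 2))
```

An n-gram that occurs equally often in both classes, such as `invoke-virtual return-void` here, scores zero gain and is dropped, which is what keeps the Dalvik part of the composite vector small.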