A Malware Detection Method Based on Hybrid Learning

LIANG Guang-hui; BAI Liang; PANG Jian-min; SHAN Zheng; YUE Feng; ZHANG Lei

doi:10.12263/DZXB.20180711

您当前的位置：

首页 >

文章列表页 >

A Malware Detection Method Based on Hybrid Learning

更新时间：2025-12-08

- A Malware Detection Method Based on Hybrid Learning
- Acta Electronica Sinica Vol. 49, Issue 2, Pages: 286-291(2021)
- 作者机构：
  
  1. 解放军信息工程大学,河南,郑州,450002
  2. 国家计算机网络应急技术处理协调中心,北京,100029
  3. 数学工程与先进计算国家重点实验室,河南,郑州,450002
  4. Unit 78090,Sichuan,Chengdu,China,610000
  5. 解放军信息工程大学,河南,郑州,450002
  6. 国家计算机网络应急技术处理协调中心,北京,100029
  7. 数学工程与先进计算国家重点实验室,河南,郑州,450002
  8. Unit 78090 Chengdu Sichuan China,610000
- 作者简介：
- 基金信息：
  
  National Natural Science Foundation of China (No.61472447, No.61802435, No.61802433)
- DOI：10.12263/DZXB.20180711
  CLC： TP305
- Published Online：25 February 2021，
  
  Published：2021
- 稿件说明：
移动端阅览
LIANG Guang-hui, BAI Liang, PANG Jian-min, et al. A Malware Detection Method Based on Hybrid Learning[J]. Acta Electronica Sinica, 2021, 49(2): 286-291.
DOI：

LIANG Guang-hui, BAI Liang, PANG Jian-min, et al. A Malware Detection Method Based on Hybrid Learning[J]. Acta Electronica Sinica, 2021, 49(2): 286-291. DOI： 10.12263/DZXB.20180711.

摘要

近年来，自动化沙箱被广泛部署并应用于恶意代码分析与检测，然而随着恶意代码数量的激增和抗分析能力的增强，如何有效应对海量恶意代码分析任务，提高沙箱系统分析效率，是增强网络安全防御能力的一个重要研究方向.本文利用不同学习方式以及恶意代码动、静态特征的特点，提出了一种基于混合学习模型的恶意代码检测方法，分别提取恶意代码的静态模糊哈希特征和动态行为特征，然后将无监督聚类学习与有监督的分类学习相结合用于恶意代码检测.实验表明，在不影响检测精度的情况下，只利用了原有系统0.02%分析时间提高了整个系统25.6%的检测速度.

Abstract

In recent years

automated sandboxes have been widely deployed for malware analysis and detection. However

with the rapid increase column of malware and the enhancement of anti-analysis capabilities

how to effectively handle these massive malware analysis tasks and improve the efficiency of sandbox system is an important research topic. Based on the characteristics of different learning methods and malware dynamic and static features

this paper proposes a malware detection method based on a hybrid learning model. We extract static fuzzy-hash features and dynamic behavior features of malware

then unsupervised clustering learning is combined with supervised classification learning. Experiments show that using only 0.02% of the analysis time improves the detection speed of the entire system by 25.6% without affecting the detection accuracy.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Malware Classification Method Based on MP-FSCIL

P2P-Based Super Botnet:Threats and Defenses

An Automatic Malware Homology Identification Method Based on Calling Habits

Communication Protocol Reverse Engineering of Malware Using Dynamic Taint Analysis

Related Author

WANG Lei

LIU Qiang

WANG Jian

SU Pu-rui

FENG Deng-guo

YING Ling-yun

QIAO Yan-chen

LI Shu-hao

Related Institution

Air Defense and Antimissile School, Air Force Engineering University

Air Traffic Control and Navigation School, Air Force Engineering University

State Key Laboratory of Information Security,Graduate University of Chinese Academy of Sciences

State Key Laboratory of Information Security,Institute of Software,Chinese Academy of Sciences

State Key Laboratory of Information SecurityGraduate University of Chinese Academy of SciencesBeijing 100080China

⁰