

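1. Air and Missile Defense College, Air Force Engineering University, Xi'an, Shaanxi 710051
2. Unit 95285 of the Chinese People's Liberation Army, Guilin, Guangxi 541000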
Received: 21 February 2024
Revised: 16 April 2024
Published: 25 July 2024
LI Si-cong, WANG Jian, SONG Ya-fei, et al. TriCh-LKRepNet: A Large Kernel Convolutional Malicious Code Classification Network for Structure Reparameterisation and Triple-Channel Mapping[J]. Acta Electronica Sinica, 2024, 52(07): 2331-2340. DOI:10.12263/DZXB.20240162
As cyber threats grow more severe, detecting and classifying malicious code has become critical. Traditional analysis methods rely on manual feature extraction, which is time-consuming and struggles to keep up with the rapid mutation of malicious code. In contrast, deep learning techniques show great potential for malicious code classification. However, model complexity and resource consumption remain obstacles to practical deployment. In this study, we propose TriCh-LKRepNet (Triple-Channel Large Kernel Reparameterisation Network), which focuses on lightweight design and aims to preserve detection performance while reducing computation and memory requirements. The proposed three-channel mapping technique converts the multi-dimensional information of malicious code into image channels, which makes the features more discriminative. An efficient deep learning architecture is designed by combining the advantages of convolutional neural networks (CNN) and Transformer, and its connection paths are optimized by a reparameterization technique to reduce memory consumption and improve runtime efficiency. In addition, linear training-time over-parameterization and large convolutional kernels further reduce the model's parameter count and computational burden. Experiments show that TriCh-LKRepNet improves malicious code classification accuracy while keeping the model lightweight, and that it offers better performance and wider application potential than existing techniques, providing an effective solution especially in resource-constrained environments and environments that require real-time detection.