Air and Missile Defense College, Air Force Engineering University, Xi'an, Shaanxi 710051, China
WANG Shuo, male, born November 1998 in Chongqing. Master's student at Air Force Engineering University. Research interests: intelligent information processing and malware detection. E-mail: luoan_w@163.com
WANG Jian, male, born February 1982 in Weinan, Shaanxi Province. Associate professor at the Air and Missile Defense College, Air Force Engineering University. Research interests: intelligent information processing and malware detection. E-mail: 26471375@qq.com
WANG Ya-nan, female, born September 1988 in Qingdao, Shandong Province. Lecturer at the Air and Missile Defense College, Air Force Engineering University. Research interests: network information security and artificial intelligence. E-mail: wyn1988814@163.com
SONG Ya-fei, male, born 1988 in Ruzhou, Henan Province. Associate professor at the Air and Missile Defense College, Air Force Engineering University. Research interests: machine learning and its applications to target recognition and intrusion detection. E-mail: yafei_song@163.com
Received: 2021-12-24
Revised: 2022-07-31
Published in print: 2023-01-25
WANG Shuo, WANG Jian, WANG Ya-nan, et al. A fast malicious code detection method based on feature fusion [J]. Acta Electronica Sinica, 2023, 51(01): 57-66. DOI: 10.12263/DZXB.20211701.
With the development of malware evasion techniques, attackers produce large numbers of malicious code variants through packing, code obfuscation and similar techniques, which traditional malware detection methods struggle to detect effectively. Detection based on malware visualization has been shown to be an effective new way of identifying malicious code and its variants. Current research focuses only on improving model classification accuracy while ignoring the timeliness of detection. To address this, this paper proposes a fast malicious code detection method based on feature fusion. Using a deep neural network as its framework and a modular design, the method combines multi-scale malware feature fusion with a channel attention mechanism to strengthen the expression of key features, and uses data augmentation to alleviate class imbalance in the dataset. Experiments show that the proposed method achieves high classification accuracy with a small number of parameters and high detection timeliness, and outperforms current malware detection techniques.
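As an added illustration (not the paper's code) of the two building blocks the abstract names, the snippet below turns a sample's raw bytes into a grayscale image and then weights feature-map channels with squeeze-and-excitation style channel attention. The width schedule is the one from Nataraj et al. (2011); the feature maps and the attention weights w1 and w2 are constructed toy values, not learned parameters.

```python
import math

# Image width as a function of file size in bytes, following the schedule of
# Nataraj et al. (2011); files of 1 MB or more use a width of 1024.
WIDTH_SCHEDULE = [(10_000, 32), (30_000, 64), (60_000, 128), (100_000, 256),
                  (200_000, 384), (500_000, 512), (1_000_000, 768)]

def image_width(size):
    for limit, width in WIDTH_SCHEDULE:
        if size < limit:
            return width
    return 1024

def bytes_to_image(data):
    """Map each byte to one 8-bit grayscale pixel, filling rows left to right;
    the final row is zero-padded so the image is rectangular."""
    width = image_width(len(data))
    rows = math.ceil(len(data) / width)
    padded = data + bytes(rows * width - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(rows)]

def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))

def channel_attention(fmaps, w1, w2):
    """Squeeze-and-excitation style channel attention on a list of 2-D feature
    maps: global average pool per channel, FC -> ReLU -> FC -> sigmoid to get one
    gate per channel, then rescale every channel map by its gate. w1 and w2 are
    hypothetical, constructed weights here; a real model learns them."""
    squeeze = [sum(map(sum, fm)) / (len(fm) * len(fm[0])) for fm in fmaps]
    hidden = [max(0.0, sum(w * s for w, s in zip(ws, squeeze))) for ws in w1]
    gates = [sigmoid(sum(w * h for w, h in zip(ws, hidden))) for ws in w2]
    scaled = [[[g * v for v in row] for row in fm] for g, fm in zip(gates, fmaps)]
    return gates, scaled

if __name__ == "__main__":
    # Constructed sample "binary": 2560 bytes, so the schedule picks width 32.
    sample = bytes(range(256)) * 10
    img = bytes_to_image(sample)
    print(len(img), "rows x", len(img[0]), "columns")
    # Two constructed feature maps: an informative channel and an empty one.
    fmaps = [[[4.0, 4.0], [4.0, 4.0]], [[0.0, 0.0], [0.0, 0.0]]]
    gates, _ = channel_attention(fmaps, w1=[[1.0, 0.0]], w2=[[1.0], [-1.0]])
    print("channel gates:", [round(g, 3) for g in gates])
```

The multi-scale fusion and data augmentation steps are not reproduced; the gates show how attention amplifies the informative channel and suppresses the empty one.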