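Air and Missile Defense College, Air Force Engineering University, Xi'an, Shaanxi 710051, China
ZHANG Dan-dan, female, born in December 1998 in Shanghai. She is currently a master's student at Air Force Engineering University. Her main research interest is malware detection. E-mail: afeu_ddz@163.com
SONG Ya-fei (corresponding author), male, born in 1988 in Ruzhou, Henan. He is currently an associate professor at the Air and Missile Defense College, Air Force Engineering University. His main research interests are machine learning and its applications in target recognition, intrusion detection and related fields. E-mail: yafei_song@163.com
LIU Shu, male, born in 1971 in Yiyang, Hunan. He is currently an associate professor at the Air and Missile Defense College, Air Force Engineering University. His main research interests are cyberspace information defense and computer and software engineering. E-mail: liushu@163.com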
Received: 2022-09-20,
Revised: 2022-11-28,
Published in print: 2023-05-25
ZHANG Dan-dan, SONG Ya-fei, LIU Shu. MalMKNet: A Multi-Scale Convolutional Neural Network Used for Malware Classification[J]. ACTA ELECTRONICA SINICA, 2023, 51(05): 1359-1369. DOI: 10.12263/DZXB.20221069.
Rapid and accurate identification of unknown malware and its variants is the premise and basis for the effective prevention of malicious attacks. However, with the rapid increase of malware variants, manually updating the sample database is becoming less and less efficient, and traditional identification methods that rely only on delayed database information struggle to capture the feature information of samples that have been processed with obfuscation methods. To address these problems, this paper proposes MalMKNet (Multi-scale Kernel Network for Malware), a deep learning model based on grayscale image processing, and builds a convolutional neural network (CNN) architecture that mixes multi-scale convolution kernels to improve malware identification capability. The model uses a mixed kernels (MK) module, which combines deep large-kernel convolution and standard small-kernel convolution with a shortcut structure, to improve model accuracy. On this basis, multi-scale kernel fusion (MKF) is used to reduce the number of model parameters. A feature shuffle (FS) operation is then added to optimize feature communication, improving classification accuracy without increasing the number of parameters. Experimental results show that MalMKNet outperforms other deep-learning-based classification methods in malware family classification accuracy, reaching 99.35%.