摘要
计算机网络技术的快速发展,导致恶意软件数量不断增加。针对恶意软件家族分类问题,提出一种基于深度学习可视化的恶意软件家族分类方法。该方法采用恶意软件操作码特征图像生成的方式,将恶意软件操作码转化为可直视的灰度图像。使用递归神经网络处理操作码序列,不仅考虑了恶意软件的原始信息,还考虑了将原始代码与时序特征相关联的能力,增强分类特征的信息密度。利用SimHash将原始编码与递归神经网络的预测编码融合,生成特征图像。基于相同族的恶意代码图像比不同族的具有更明显相似性的现象,针对传统分类模型无法解决自动提取分类特征的问题,使用卷积神经网络对特征图像进行分类。实验部分使用10868个样本(包含9个恶意家族)对深度学习可视化进行有效性验证,分类精度达到98.8%,且能够获得有效的、信息增强的分类特征。
The rapid development of computer network technology has led to an increasing number of malicious soft-ware.Aiming at the problem of malware family classification,a method of malware family classification based on deep learning visualization is proposed.In this method,the malware opcodes are converted into gray images that can be viewed directly.By using Recursive Neural Network(RNN)to process opcode sequences,this paper take into account not only the original information of malware,but also the ability to associate the original code with timing characteristics,thus enhancing the information density of the classified features.Then,SimHash is used to generate feature images from the fusion of the original codes and the predictive codes from the RNN.Finally,malicious code images based on the same family are more similar than those of different families.The traditional classification model can’t finish automatic extraction of clas-sification features.To address this problem,this paper uses Convolutional Neural Network(CNN)to classify the feature images.The method has been implemented and tested on a set of 10868 malware instances in 9 families,the classification accuracy achieves 98.8%,and the effective and information-enhanced classification features could be obtained.
作者
陈小寒
魏书宁
覃正泽
CHEN Xiaohan;WEI Shuning;QIN Zhengze(College of Information Science and Engineering,Hunan Normal University,Changsha 410006,China;National Key Laboratory for Parallel and Distributed Processing,National University of Defense Technology,Changsha 410006,China)
出处
《计算机工程与应用》
CSCD
北大核心
2021年第22期131-138,共8页
Computer Engineering and Applications
基金
湖南省重点领域研发计划(2019GK2243)。
作者简介
陈小寒(1995—),女,硕士研究生,研究领域为恶意代码分析;通信作者:魏书宁(1986—),女,博士,副教授,国防科技大学计算机学院在站博士后,研究领域为智能信息处理、智能控制、网络信息安全等,E-mail:weishuning@hunnu.edu.cn;覃正泽(1994—),男,硕士研究生,研究领域为模式识别与智能系统。
