
Malware classification method based on static multiple-feature fusion (cited by: 10)
Abstract: In recent years the volume of malware has grown explosively. New malicious samples are variable and polymorphic, and evade traditional malicious-code detection methods through polymorphism, packing and obfuscation. Based on a large-scale set of malicious samples, a safe and efficient malware classification method was designed. It extracts static features of executable files from three views (byte view, assembly view and PE view) and uses feature fusion and classifier ensemble learning to improve the generalization ability of the model, so that the features and the classifiers complement each other. Experiments show that a stable F1-score (93.56%) was achieved on the samples.
Source: Chinese Journal of Network and Information Security, 2017, No. 11, pp. 68-76 (9 pages)
Funding: National Natural Science Foundation of China (No. U1536119, No. 61401038)
Keywords: malware, family classification, static analysis, machine learning, model fusion