
Method of anti-confusion texture feature descriptor for malware images (cited by: 7)
Abstract: Combining image processing with machine learning is a new approach in malware visualization research. In this approach, the way the texture features of malware gray-scale images are described has a large influence on the accuracy of malware classification. To address this, a new texture feature description method for malware images is proposed. It fuses the global feature (GIST) with local features (LBP or dense SIFT) to construct combined descriptors that resist confusion and interference. This solves the problem that the classification accuracy of global features drops sharply when malware gray-scale images from different families are highly similar, or when images from the same family differ greatly. Experiments show that the new method is more stable and more generally applicable than the traditional method, and that classification accuracy is clearly improved on the more easily confused dataset.
Authors: LIU Yashu; WANG Zhihai; YAN Hanbing; HOU Yueran; LAI Yukun (School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China; School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing 100044, China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China; Institute of Network Technology, Beijing University of Posts and Telecommunication, Beijing 100876, China; School of Computer Science and Informatics, Cardiff University, Cardiff CF24 3AA, UK)
Source: Journal on Communications (通信学报); indexed in EI, CSCD, PKU Core; 2018, No. 11, pp. 44-53 (10 pages)
Funding: National Natural Science Foundation of China (No. U1736218, No. 61672086); National Key Research and Development Program of China (No. 2018YFB0803604)
Keywords: malware visualization; image texture; feature descriptors; malware classification