Abstract
To improve both the detection capability of malware identification and its resistance to being identified by the malware (the fingerprinting problem), a deep-learning-based dynamic malware detection platform for the cloud environment is proposed. A cloud-based dynamic malware behaviour monitoring system is built that covertly traces kernel function calls through breakpoint injection, monitors malware behaviour including process, file, network, registry and system service operations, and produces monitoring logs. A log pre-processing system is designed that pre-processes the monitoring logs, extracts information along four dimensions and generates feature images. A deep convolutional neural network is built; the feature images and labels of the training samples are used as input for learning and training, and the test samples are then predicted and classified.
To enhance detection capability and get rid of the fingerprint problem, a deep learning based dynamic malware detection platform was proposed in the cloud environment. A monitoring system was designed and implemented, in which the breakpoint injection technique was employed to monitor malware behaviors including process, file, network, registry and system service activities. The log was generated and processed using the log pre-processing system. Four dimensions of information were abstracted to make a characteristic figure, which was the input for a convolutional neural network. The method of deep learning was utilized for model training and prediction. Based on the trained neural network, different malware can be detected and classified.
Authors
银伟
张钱明
周红建
邢国强
童丹
YIN Wei; ZHANG Qian-ming; ZHOU Hong-jian; XING Guo-qiang; TONG Dan (95899 PLA Troops, Beijing 100085, China; 93655 PLA Troops, Beijing 100036, China)
Source
《计算机工程与设计》
Peking University Core Journal
2019, No. 7, pp. 1823-1828 (6 pages)
Computer Engineering and Design
Funding
National Natural Science Foundation of China project (61702542)
China Postdoctoral Science Foundation project (2016M603017)