摘要
恶意软件的爆炸性增长,以及对用户机和网络环境造成的严重威胁,逐渐成为了网络空间安全领域的主要矛盾。当前传统的基于特征码的静态扫描技术和基于软件行为的恶意软件检测技术容易产生误报和漏报,渐渐无法满足信息安全领域的新要求。为了解决这些问题,提出基于卷积神经网络CNN的恶意代码检测技术。利用Cuckoo沙箱系统来模拟运行环境并提取分析报告;通过编写Python脚本对分析报告进行预处理;搭建深度学习CNN训练模型来实现对恶意代码的检测,并将其与机器学习以及常见的杀毒软件进行比较。实验结果表明,该方法在相比之下更具有优势,并且取得了较好的检测效果,具有更高的可行性。
The explosive growth of malware every year,as well as the serious threat to the user machine and network environment,has gradually become the main contradiction in the field of network space security.Current traditional static scanning technology based on feature codes and malware detection technology based on software behavior are prone to produce false positives and omissions,which gradually fail to meet the new requirements in the field of information security.In order to solve these problems,malicious code detection technology based on CNN is proposed.Cuckoo sandbox system was used to simulate the running environment and extract the analysis report.Then,we could pre-process the analysis report by writing a Python script.A deep learning CNN training model was built to detect malicious code and compare it with machine learning and common anti-virus software.Experimental results show that this method has more advantages and better detection effect,so it has higher feasibility.
作者
傅依娴
芦天亮
马泽良
Fu Yixian;Lu Tianliang;Ma Zeliang(School of Information Technology and Network Security,People s Public Security University of China,Beijing 100076,China)
出处
《计算机应用与软件》
北大核心
2020年第1期304-308,333,共6页
Computer Applications and Software
基金
国家自然科学基金项目(61602489)
“十三五”国家密码发展基金密码理论研究课题(MMJJ20180108)
国家重点研发计划“网络空间安全”重点专项(2016YFB0801100)
中国人民公安大学2019年基本科研业务费重大项目(2019JKF108)
