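Abstract
The malware threat facing cyberspace is growing increasingly severe, and traditional malware detection methods are gradually showing their weaknesses in the attack-defense contest against malware. In response, this paper proposes a malware detection method based on enhanced grayscale code images. It improves the traditional malware grayscale-image method using the malware's ASCII character information and PE structure information, constructs three-dimensional RGB images as the raw data fed to the detection algorithm, and uses a VGG16 neural network model with a spatial pyramid pooling structure to train on and predict malware images. The paper also proposes a method based on multi-label normalized representation to improve the reliability of sample labels. Experimental results show that the scheme copes effectively with adversarial techniques such as packing and obfuscation and detects new malware well.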
Malware threats in cyberspace are becoming increasingly serious, and traditional malware detection methods are unable to deal with new types of malware. This paper presents a malware detection method based on enhanced code images. The traditional malware image method is improved by using ASCII character information and PE structure information. A three-dimensional RGB image is used as the raw input to the detection algorithm, and a VGG16 neural network model with spatial pyramid pooling is used to train on and predict the malware images. In addition, a multi-label normalized representation method is used to improve the sample label reliability. The method was evaluated against real malware datasets.
Authors
SUN Bowen (孙博文); ZHANG Peng (张鹏); CHENG Mingyu (成茗宇); LI Xintong (李新童); LI Qi (李祺)
China Information Technology Security Evaluation Center, Beijing 100085, China; School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
Source
Journal of Tsinghua University (Science and Technology) (《清华大学学报(自然科学版)》)
Indexed in: EI, CAS, CSCD, PKU Core Journals
2020, Issue 5, pp. 386-392 (7 pages)
Funding
National Collaborative Innovation Special Project (2016QY06X1205).