
Powershell malware detection method based on features combination (基于特征组合的Powershell恶意代码检测方法)

Cited by: 2
Abstract: In recent years, Powershell has been widely used in APT attacks because of its ease of use and high degree of concealment. Traditional malicious code detection techniques based on manual feature extraction and machine learning are increasingly ineffective at detecting malicious Powershell code. This paper proposes a malicious Powershell code detection method based on random forest feature combination and deep learning. The method uses a random forest to generate new feature combinations that better characterize the original data, and then trains a deep neural network on them for classification and recognition. This compensates for a lack of experience in manual feature engineering and characterizes the original data better, which improves detection. The experimental results show that a Powershell malicious code detection system built with this method performs well, with recall and accuracy both above 99% on a real-world dataset, and can effectively detect and identify malicious Powershell code.

Authors: LIU Yue (刘岳); LIU Baoxu (刘宝旭); ZHAO Zihao (赵子豪); LIU Chaoge (刘潮歌); WANG Xiaoxi (王晓茜); WU Xianda (吴贤达) (Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)

Source: Journal of Cyber Security (《信息安全学报》), CSCD, 2021, Issue 1, pp. 40-53 (14 pages)

Funding: National Natural Science Foundation of China (No. 61902396); Strategic Priority Research Program of the Chinese Academy of Sciences (No. XDC02040100); supported by the Key Laboratory of Network Assessment Technology, Chinese Academy of Sciences, and the Beijing Key Laboratory of Network Security and Protection Technology.

Keywords: Powershell; malicious code; APT; deep learning; random forest