摘要
基于LSTM-CNN组合框架的深度学习模型在很多恶意程序分类测试中都取得了极佳的效果。从LSTM-CNN的结构来看,CNN的作用主要是抽取数据间的局部依赖关系。然而在恶意程序识别分类任务中,CNN池化层Pooling操作会导致部分特征之间的关联信息在计算过程中丢失,这可能会对模型整体的分类效果产生影响。针对该问题,提出一种基于LSA(LSTM-Self-Attention)模型的恶意程序识别分类方法。Self-Attention的引入弥补了CNN抽取局部特征时丢失信息的缺陷,同时还增强了局部特征和全体特征之间的关联性。EMBER2018数据集测试结果显示,该方法的分类准确率达到92.53%,相较于BiLSTM和LSTM-CNN模型分别提升了1.27%和0.85%。
Deep learning model based on LSTM-CNN composite framework has achieved excellent results in many malware classification tests.In the structure of LSTM-CNN,the function of CNN is mainly to extract the local dependence of data.However,the pooling operation in CNN will lead to the loss of association information between features during the calculation process,which may affect the overall classification effect of the model.In order to solve this problem,this paper proposes a malware recognition and classification method based on LSA(LSTM-Self-Attention)model.The introduction of Self-Attention makes up for the defect of information loss when CNN extracts local features,and increases the correlation between the local features and the whole features.The experimental results on EMBER2018 dataset show that the classification accuracy of proposed method reaches 92.53%,1.27%and 0.85%higher than BiLSTM and LSTM-CNN models,respectively.
作者
路阳
彭海晖
王震宇
LU Yang;PENG Haihui;WANG Zhenyu(Information Engineering University, Zhengzhou 450001, China;Henan Branch of China United Network Communications Group Co.,Ltd, Zhengzhou 450052, China)
出处
《信息工程大学学报》
2020年第6期689-693,共5页
Journal of Information Engineering University
基金
国家自然科学基金资助项目(61802435)。
