Abstract
The proliferation of malware has brought serious security threats to network users, enterprises, industrial facilities, networks, and information equipment. In recent years, traditional malware identification methods based on signatures and heuristic rules have no longer been sufficient to deal with the rapid growth of new malware. To address this issue, a variety of machine learning methods have been applied to the malware identification task. Based on an extensive investigation of a large volume of literature and the latest research achievements at home and abroad, this paper summarizes and surveys the current research progress of malware identification based on machine learning. According to how the feature representation is obtained, we divide existing methods into two categories, i.e., feature-engineering-based and feature-learning-based, and review each category separately. We also summarize public malware datasets that can be used for training and evaluating machine learning models. Based on the review of existing research, we then discuss the open problems and challenges currently facing malware identification based on machine learning.
Authors
王志文
刘广起
韩晓晖
左文波
吴晓明
王连海
WANG Zhi-wen; LIU Guang-qi; HAN Xiao-hui; ZUO Wen-bo; WU Xiao-ming; WANG Lian-hai (Shandong Provincial Key Laboratory of Computer Networks, Shandong Computer Science Center (National Supercomputer Center in Jinan), Qilu University of Technology (Shandong Academy of Sciences), Jinan 250014, China)
Source
《小型微型计算机系统》
CSCD
Peking University Core Journals
2022, Issue 12, pp. 2628-2637 (10 pages)
Journal of Chinese Computer Systems
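Funding
Supported by the National Key Research and Development Program of China (2018YFE0119700)
Supported by the National Natural Science Foundation of China (61602281)
Supported by the Key Research and Development Program of Shandong Province (2019JZZY010132, 2019JZZY020129, 2019JZZY010134)
Supported by the Natural Science Foundation of Shandong Province (ZR2020KF035).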