摘要
挖矿恶意软件是近年来出现的一种新型恶意软件,其加密运算模式给受害用户带来巨大损失.通过研究挖矿恶意软件的静态特征,本文提出一种基于威胁情报层次特征集成的挖矿恶意软件检测方法.从挖矿恶意软件威胁情报的角度,本文分别使用字节特征层、PE(Portable Executable)结构特征层和挖矿操作执行特征层训练挖矿恶意软件分类器,利用不同恶意软件特征对恶意软件的检测偏好,使用集成方法在层次特征的基础上组建挖矿恶意软件检测器.在实验评估中,本文使用模拟实验室环境数据集和模拟真实世界数据集进行模型性能测试.实验结果表明,本文所设计的层次特征集成的挖矿恶意软件检测方法在模拟真实世界数据集上取得了97.01%的准确率,相对挖矿恶意软件检测基线方法获取了6.13%的准确率提升.
Cryptojacking malware is a new type of malware that has emerged in recent years and poses a significant threat to user host security.By studying static features of cryptojacking malware,a detection method is proposed based on integrating hierarchical threat intelligence features.We train cryptojacking malware detectors using the raw byte feature,PE(Portable Executable)parsing feature,and cryptocurrency mining operation feature,respectively.Then,the ensemble learning is used for combining these detectors to form a cryptojacking malware detector from the perspective of hierarchical threat intelligence.In the experiments,the simulated lab dataset and the simulated real-world dataset are used for performance evaluation.The experimental results show that the proposed method acquires97.01%accuracy rate,which gets improvements of6.13%relative to the baseline method.
作者
郑锐
汪秋云
林卓庞
靖蓉琦
姜政伟
傅建明
汪姝玮
ZHENG Rui;WANG Qiu-yun;LIN Zhuo-pang;JING Rong-qi;JIANG Zheng-wei;FU Jian-ming;WANG Shu-wei(Key Laboratory of Aerospace Information Security and Trusted Computing of the Ministry of Education,School of Cyber Science and Engineering,Wuhan University,Wuhan,Hubei 430072,China;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China)
出处
《电子学报》
EI
CAS
CSCD
北大核心
2022年第11期2707-2715,共9页
Acta Electronica Sinica
基金
国家自然科学基金(No.61972297,No.62172308,No.62172144)
国家重点研发计划(No.2018YFB0805005)。