
MalMKNet: A Multi-Scale Convolutional Neural Network Used for Malware Classification (cited by: 1)
Abstract: Rapid and accurate identification of unknown malware and its variants is the premise and basis for effective prevention of malicious attacks. However, as malware variants increase rapidly, manually updating the sample database becomes less and less efficient, and traditional identification methods that rely only on delayed database information struggle to capture the features of samples that have been processed with obfuscation methods. To address these problems, this paper proposes MalMKNet (Multi-scale Kernel Network for Malware), a deep learning model based on grayscale image processing that uses a convolutional neural network (CNN) architecture mixing multi-scale convolution kernels to improve malware identification capability. The model uses a mixed kernels (MK) module, which combines deep large-kernel convolution with a shortcut structure and standard small-kernel convolution, to improve accuracy. On this basis, multi-scale kernel fusion (MKF) reduces the number of model parameters, and a feature shuffle (FS) operation optimizes feature communication, improving classification accuracy without increasing the number of parameters. Experimental results show that MalMKNet outperforms other deep learning-based classification methods in malware family classification accuracy, reaching 99.35%.
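Authors: ZHANG Dan-dan (张丹丹); SONG Ya-fei (宋亚飞); LIU Shu (刘曙) (Institute of Air Defense and Anti-missile, Air Force Engineering University, Xi'an, Shaanxi 710051, China)
Source: Acta Electronica Sinica (《电子学报》), indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2023, Issue 5, pp. 1359-1369 (11 pages)
Funding: National Natural Science Foundation of China (No. 61806219, No. 61703426, No. 61876189); Natural Science Foundation of Shaanxi Province (No. 2021JM-226); Young Talent Support Program of the Shaanxi University Association for Science and Technology (No. 20190108, No. 20220106); Shaanxi Innovation Capability Support Program (No. 2020KJXX-065).
Keywords: malware detection; convolutional neural network; deep learning; image processing; large kernels; light-weight model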