Abstract
Rapid and accurate identification of unknown malicious code and its variants is the premise and foundation for effectively defending against malicious attacks. However, as malicious code variants increase sharply, manually updating the sample database becomes ever less efficient, and relying only on lagging database information, traditional identification methods struggle to capture the feature information of samples that have been processed with obfuscation techniques. To address these problems, this paper designs MalMKNet (Multi-scale Kernel Network for Malware), a deep learning model based on grayscale image processing, and builds a convolutional neural network (CNN) architecture that mixes convolution kernels of multiple scales to improve malware identification. The model uses a Mixed Kernels (MK) module that combines deep large-kernel convolution and standard small-kernel convolution with a shortcut structure to raise model accuracy; on this basis, Multiscale Kernel Fusion (MKF) reduces the number of model parameters; and a feature shuffle operation optimizes feature communication, improving classification accuracy without adding parameters. Experimental results show that MalMKNet outperforms other deep-learning-based classification methods in malware family classification accuracy, reaching 99.35%.
Rapid and accurate identification of unknown malware and its variants is the premise and basis for the effective prevention of malicious attacks. However, with the rapid increase of malware variants, the efficiency of manually updating the sample database keeps declining. It is difficult for traditional identification methods, relying only on delayed database information, to effectively capture the feature information of samples processed by obfuscation methods. To address the above problems, this paper proposes a deep learning model based on grayscale image processing, MalMKNet (Multi-scale Kernel Network for Malware), a convolutional neural network (CNN) architecture that mixes multi-scale convolution kernels to improve malware detection capabilities. The mixed kernels (MK) module, combining deep large kernel convolution and standard small kernel convolution with a shortcut structure, is proposed to improve the model accuracy, and then multi-scale kernel fusion (MKF) is proposed to reduce the number of parameters. The feature shuffle (FS) operation is proposed to improve the classification accuracy without increasing the number of parameters. Experimental results show that MalMKNet outperforms the state-of-the-art methods in terms of malware family classification accuracy, achieving 99.35%.
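The abstract describes two ingredients without detailing either: a malware binary is first rendered as a grayscale image, and the network then applies a large-kernel convolution and a small-kernel convolution side by side with a shortcut. The following is an added illustration, not code from the paper or from MalMKNet: it assumes the common byte-to-pixel layout (one byte per pixel, row width chosen from the file size, as in earlier "malware as image" work), and it uses a constructed averaging kernel as a stand-in for the learned large kernel and a constructed Laplacian-style kernel for the learned small kernel. It runs offline on a constructed byte string in pure Python so the shapes and the shortcut sum can be checked without a deep learning framework.

```python
"""Added example (not the paper's code): render bytes as a grayscale image and
run a toy mixed-kernels block (large kernel + small kernel + shortcut) over it."""

# Row-width table commonly used when rendering a binary as an image; it is an
# assumption that MalMKNet's preprocessing uses the same layout.
_WIDTH_TABLE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]


def image_width(n_bytes):
    """Pick the image row width from the file size (1024 for very large files)."""
    for limit, width in _WIDTH_TABLE:
        if n_bytes < limit:
            return width
    return 1024


def bytes_to_grayscale(data, width=None):
    """Lay the bytes out row by row; each byte value (0..255) is one pixel.
    The final row is zero-padded so every row has the same width."""
    width = width or image_width(len(data))
    rows = []
    for i in range(0, len(data), width):
        row = list(data[i:i + width])
        row += [0] * (width - len(row))
        rows.append(row)
    return rows


def conv2d_same(img, kernel):
    """Single-channel 2D cross-correlation with zero 'same' padding, so the
    output has the input's height and width (needed for the shortcut add)."""
    k = len(kernel)
    pad = k // 2
    h, w = len(img), len(img[0])
    out = [[0.0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            acc = 0.0
            for ky in range(k):
                iy = y + ky - pad
                if iy < 0 or iy >= h:
                    continue
                for kx in range(k):
                    ix = x + kx - pad
                    if ix < 0 or ix >= w:
                        continue
                    acc += img[iy][ix] * kernel[ky][kx]
            out[y][x] = acc
    return out


def mixed_kernels_block(img, large=7):
    """Toy MK block: a large-kernel branch (here a constructed 7x7 mean filter,
    capturing wide byte context) and a small-kernel branch (a constructed 3x3
    Laplacian-style filter, capturing local structure), summed with the input
    as the shortcut. In the real network both kernels are learned."""
    large_k = [[1.0 / (large * large)] * large for _ in range(large)]
    small_k = [[0, -1, 0], [-1, 4, -1], [0, -1, 0]]
    a = conv2d_same(img, large_k)
    b = conv2d_same(img, small_k)
    h, w = len(img), len(img[0])
    return [[img[y][x] + a[y][x] + b[y][x] for x in range(w)] for y in range(h)]


# Constructed sample input: 1024 bytes, standing in for a small binary.
SAMPLE_BYTES = bytes(range(256)) * 4

if __name__ == "__main__":
    image = bytes_to_grayscale(SAMPLE_BYTES)
    feat = mixed_kernels_block(image)
    print("image size:", len(image), "x", len(image[0]))
    print("feature map size:", len(feat), "x", len(feat[0]))
```

The 1024-byte sample falls in the first width bucket, so it becomes a 32x32 image; the block returns a map of the same size because both branches use "same" padding, which is what lets the shortcut be added element-wise.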
Authors
张丹丹
宋亚飞
刘曙
ZHANG Dan-dan;SONG Ya-fei;LIU Shu(Institute of Air Defense and Anti-missile,Air Force Engineering University,Xi'an,Shaanxi 710051,China)
Source
《电子学报》
Indexed in: EI, CAS, CSCD, Peking University Core Journals
2023, No. 5, pp. 1359-1369 (11 pages)
Acta Electronica Sinica
Funding
National Natural Science Foundation of China (No. 61806219, No. 61703426, No. 61876189)
Natural Science Foundation of Shaanxi Province (No. 2021JM-226)
Shaanxi Provincial Young Talent Support Program of the Association for Science and Technology in Universities (No. 20190108, No. 20220106)
Shaanxi Provincial Innovation Capability Support Program (No. 2020KJXX-065)
Keywords
malware detection
convolutional neural network
deep learning
image processing
large kernels
light-weight model