摘要
当前恶意代码的对抗技术不断变化,恶意代码变种层出不穷,使恶意代码分类问题面临严峻挑战。针对目前基于深度学习的恶意代码分类方法提取特征不足和准确率低的问题,提出了基于双向时域卷积网络(BiTCN)和自注意力机制(Self-Attention)的恶意代码分类方法(BiTCN-SA)。该方法融合恶意代码操作码特征和图像特征以展现不同的特征细节,增加特征多样性。构建BiTCN对融合特征进行处理,充分利用特征的前后依赖关系。引入自注意力机制对数据权值进行动态调整,进一步挖掘恶意代码内部数据间的关联性。在Kaggle数据集上对模型进行验证,实验结果表明:该方法准确率可达99.75%,具有较快的收敛速度和较低的误差。
At present,the countermeasure technology of malicious code is constantly changing,and new varieties of malicious code are emerging in endless streamto make the classification of malicious code face severe challenges.Aimed at the problemsthat features extracted are insufficient and low in accuracy by using current malicious code classification methods based on deep learning,a malicious code classification method(BiTCN-SA)based on bi-directional temporal convolution network(BiTCN)and self attention mechanism is proposed.This method is combination of opcode features with image features to show different feature details,increasing feature diversity.The BiTCN is constructed to process the fused features,making full use of the pre and post dependencies of the features.The self attention mechanism is introduced todynamically adjust the data weight,further mining the correlation between the internal data of malicious code.The model is verified by using the Kaggle data set.The results show that the accuracy of this method can reach 99.75%,and the method is fast at convergence speed,lowin error,and better than the other models.
作者
黄玮
王坚
吴暄
李思聪
HUANG Wei;WANG Jian;WU Xuan;LI Sicong(Air and Missile Defense School,Air Force Engineering University,Xi’an 710051,China)
出处
《空军工程大学学报》
CSCD
北大核心
2023年第4期77-84,共8页
Journal of Air Force Engineering University
基金
国家自然科学基金(61806219,61703426,61876189)
陕西省自然科学基金(2021JM-226)
陕西省高校科协青年人才托举计划(20190108,20220106)
陕西省创新能力支撑计划(2020KJXX-065)。
关键词
恶意代码分类
特征融合
双向时域卷积网络
自注意力机制
malicious code classification
feature fusion
bi-directional temporal convolution network
self attention mechanism
