Malicious Code Classification Method Based on BiTCN-DLP
Abstract: To cope with escalating malicious code variants, and to address the insufficient feature extraction and declining classification accuracy of existing malicious code classification methods, this article proposes a malicious code classification method (BiTCN-DLP) based on a bidirectional temporal convolution network (BiTCN) and double layer pooling (DLP). First, the method fuses the opcode and bytecode features of malicious code to show different details. Then, a BiTCN model is built to make full use of the backward and forward dependencies of the features, and a pooling fusion mechanism is introduced to further explore the deep dependencies within the malicious code data. Finally, the model is validated on the Kaggle dataset. The experimental results show that the accuracy of malicious code classification based on BiTCN-DLP can reach 99.54%, with fast convergence and low classification error. The effectiveness of the model is also demonstrated through comparison experiments and ablation experiments.
Authors: LI Sicong (李思聪); WANG Jian (王坚); SONG Yafei (宋亚飞); HUANG Wei (黄玮) (Air and Missile Defense College, Air Force Engineering University, Xi'an 710051, China; Graduate School of Air Force Engineering University, Xi'an 710051, China)
Source: Netinfo Security (《信息网络安全》), CSCD, Peking University Core Journal, 2023, Issue 11, pp. 104-117 (14 pages)
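Funding: National Natural Science Foundation of China [61806219, 61703426, 61876189]; Shaanxi Provincial Science Foundation [2021JM-226]; Young Talent Support Program of the Shaanxi University Association for Science and Technology [20190108, 20220106]; Shaanxi Innovation Capability Support Program [2020KJXX-065].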
Keywords: malicious code classification; feature fusion; bidirectional temporal convolution network (BiTCN); double layer pooling (DLP)