The Research on Malicious Code Homogeneous Identification Based on Deep Learning
Abstract: Malicious code is currently growing explosively, and large numbers of antivirus-evasion techniques have been strengthened through attack-defense confrontation. Although substantial research resources have been invested in monitoring and analyzing malicious code, security monitoring remains largely ineffective against variants that use multiple layers of packing, obfuscation, and virtual-machine-based protection. This paper proposes deep-learning-based homology analysis of malicious code. It first analyzes the anti-reconnaissance techniques and behavioral characteristics of malicious code, then proposes an algorithm framework for malicious code homology analysis and serializes API call relationships based on sandbox analysis results. Finally, the algorithm is trained and tested on a set of malicious code samples from the Internet. The results show that the proposed algorithm can effectively extract the behavioral characteristics of malicious code from massive numbers of samples and detect malicious code variants with relatively high accuracy.
Authors: YANG Hang (杨航); BI Kai-feng (毕凯峰) (China Southern Power Grid Co., Ltd., Guangzhou 510000, China; China Southern Power Grid Digital Power Grid Research Institute Co., Ltd., Guangzhou 510000, China)
Source: Techniques of Automation and Applications (《自动化技术与应用》), 2023, No. 12, pp. 116-118, 176 (4 pages in total)
Funding: China Southern Power Grid Co., Ltd. project: Research on Malicious Code Analysis and Comprehensive Evaluation Technology (ZBKJXM20190077).
Keywords: dynamic behavior; malicious code; code homogeneous identification