Malware detection technology based on system call sequence
Abstract: With the development of the Internet of Things (IoT), the number of embedded devices has grown exponentially, and the amount of malware targeting the diverse systems built on the Linux kernel keeps increasing. Automatic analysis and detection of malware has long been a key and difficult research problem, and existing work concentrates on malware for the Windows platform. Because Linux embedded devices are built on different CPU architectures and vary widely in style, the static analysis process is complex, which hinders automated analysis; detection techniques for Linux malware are still immature. This paper borrows the idea of image classification from the field of computer vision. Compared with traditional static and dynamic analysis, neural networks handle complex information well; the capsule network model is an image classification algorithm that has shown excellent performance in recent years and works well on small-sample image classification tasks. Using Linux system call sequences, which identify software behavior, as features, the features are converted into images and a capsule network is trained on them to detect Linux malware. On a self-collected malware dataset, the test accuracy reaches 0.9988.
Authors: LI Lefan (李乐凡); LIU Xiaodong (刘晓东) (Wuhan Research Institute of Posts and Telecommunications, Wuhan 430000, China; Wuhan Hongxu Information Technology Co., Ltd., Wuhan 430000, China)
Source: Electronic Design Engineering (《电子设计工程》), 2024, No. 7, pp. 53-57, 5 pages in total
Keywords: malware; system call; deep learning; neural networks
