摘要
为解决小样本条件下恶意软件分类准确率低的问题,提出一种基于CBAM(convolutional block attention module)和原型网络的恶意软件分类模型。利用图像转换算法将恶意软件可执行文件转换为灰度图像;将残差连接和CBAM引入模型的特征嵌入模块,从通道和空间两个维度上增强关键特征表达,使得到的特征更具分辨性;提出联合损失函数,在距离交叉熵损失的基础上加入原型损失,通过减小类内距离的方式进一步扩增类间距离,使模型在样本数量有限的情况下取得良好的分类效果。实验结果表明,在每类恶意软件仅有5个样本的情况下,模型的分类准确率仍可达到83.12%。
To solve the problem of low accuracy of malware classification under the condition of few-sample,a malware classification model based on CBAM(convolutional block attention module)and prototypical network was proposed.The image conversion algorithm was used to convert malware executable files into grayscale images.The residual connection and CBAM were introduced into the feature embedding module of the model to enhance the expression of key features from the two dimensions of channel and space,so that the features obtained were more distinguishable.A joint loss function was proposed,which added prototype loss on the basis of distance based cross entropy loss,and further expanded the distance between classes by reducing the distance within a class,so that the model achieved good classification results when the number of samples was limited.Experimental results show that the classification accuracy of the model can still reach 83.12%when there are only 5 samples of each type malware.
作者
周景贤
崔海彬
李志平
ZHOU Jing-xian;CUI Hai-bin;LI Zhi-ping(Information Security Evaluation Center,Civil Aviation University of China,Tianjin 300300,China;College of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China)
出处
《计算机工程与设计》
北大核心
2024年第7期1941-1947,共7页
Computer Engineering and Design
基金
国家自然科学基金项目(U1533104)
民航安全能力建设基金项目(PESA2019074、PESA2021009)
中央高校基本科研业务费中国民航大学专项基金项目(3122018C036、3122022058)。
关键词
恶意软件分类
灰度图
小样本学习
卷积神经网络
注意力机制
原型网络
联合损失函数
malware classification
grayscale image
few-shot learning
convolutional neural network
attention mechanism
prototypical network
joint loss function
