A Malware Detection Method Based on Incremental Learning
Abstract This paper proposes a malware detection method based on incremental learning. The method reduces model size and system resource usage while maintaining accuracy, and, while reducing model training time, it effectively addresses the catastrophic forgetting problem faced by most deep learning algorithms and the concept drift caused by imbalanced data streams. The binary files of benign and malicious code are first converted into three-channel RGB color images, and image features are then extracted for incremental training. The training process is divided into two stages: training the convolutional and fully connected layers, and using a linear model to correct the residual in the bias correction layer. Experimental results show that the model achieves a malware detection accuracy of 95.8% and effectively improves classification accuracy, so it is well suited to malware detection.
Authors ZHANG Xiaoliang (张晓良); CHAI Yanyu (柴艳玉); WU Kehe (吴克河); LYU Zhuo (吕卓) (North China Electric Power University, Beijing 100096; Power Research Institute of State Grid Henan Electric Power Company, Zhengzhou 450000)
Source Computer & Digital Engineering (《计算机与数字工程》), 2024, No. 7, pp. 2141-2145, 2220 (6 pages in total)
Funding Supported by the State Grid Corporation of China headquarters science and technology project "Research on Security Defense Technology for Closed-Source Power Industrial Control Systems" (No. 5700-202024193A-0-0-00).
Keywords malware detection; incremental learning; knowledge distillation