一种基于三通道图像的恶意软件分类方法  被引量：2

作　　者：杨春雨 徐洋[1] 张思聪[1] 李小剑[1] YANG Chunyu;XU Yang;ZHANG Sicong;LI Xiaojian(Key Laboratory of Information and Computer Science of Guizhou Province,Guizhou Normal University,Guiyang 550001,Guizhou,China)

机构地区：[1]贵州师范大学贵州省信息与计算科学重点实验室,贵州贵阳550001

出　　处：《武汉大学学报（理学版）》2022年第1期26-34,共9页Journal of Wuhan University:Natural Science Edition

基　　金：国家自然科学基金(U1831131);中央引导地方科技发展专项资金(黔科中引地[2018]4008);贵州省科技计划(黔科合支撑[2020]2Y013号)。

摘　　要：针对传统恶意软件采用图像分类方法准确率不高、抗混淆能力弱、模型训练收敛慢的缺点,本文对恶意软件图像表示方法进行改进,将恶意软件、字节Bigram、Lst文件转化成3种灰度图像,将3种灰度图像组合成三通道彩色图像进行分类,并将图像分类效果好的EfficientNet模型用于恶意软件图像分类。结合迁移学习领域中的微调技术将ImageNet数据集的分类权重应用于EfficientNet,提高模型的收敛速度和分类效果,减少模型的训练开销。实验表明在微调技术下模型收敛速度快于预训练,且微调后的最优模型对20种恶意软件的分类准确率达到97.22%。相比ResNet、VGG16等网络,本文的模型具有参数量和浮点运算次数少、准确率高的优点。Aiming at the traditional malware classification using image with low accuracy rate,weak anti-aliasing ability and long time for model to reach convergence,this research makes improvements in the malware image representation method,converting malware,bytes Bigram,and Lst file to three kinds of grayscale images and combining grayscale images into three-channel color images for classification,and then uses the EfficientNet model with excellent image classification effects for malware image classification with the fine-tuning technology in the field of migration learning.The classification weights from the ImageNet dataset are applied to EfficientNet to improve the convergence speed and classification effect of the model,and to reduce the training cost of the model.Experiments show that the model converges faster than pre-training under the fine-tuning technology,and the best fine-tuned model can classify 20 kinds of malwares with an accuracy of 97.22%.The fine-tuned model has better classification accuracy and fewer FLOPs(floating point operations)and parameters than ResNet,VGG16 and other models.

关 键 词：恶意软件 EfficientNet ImageNet 微调 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]