Malware code classification based on multi-feature fusion BiLSTM

Cited by: 4


Authors: LIU Zixuan (刘紫煊); WANG Chen (王晨) (Wuhan Institute of Posts and Telecommunications, Wuhan 430000, China; Nanjing Fiberhome World Communication Technology Co., Ltd., Nanjing 210000, China)

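Affiliations: [1] Wuhan Institute of Posts and Telecommunications, Wuhan 430000, Hubei [2] Nanjing Fiberhome World Communication Technology Co., Ltd., Nanjing 210000, Jiangsu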

Source: Electronic Design Engineering (《电子设计工程》), 2022, No. 18, pp. 67-72 (6 pages)

Abstract: As malicious code continues to evolve, traditional static and dynamic detection methods can no longer cope with emerging malicious code. The malicious PE files are therefore decompiled to generate .bytes files and .asm files. N-Gram instruction features extracted from the assembly files and texture features extracted from grayscale images of the binary files are combined into a new feature, which is input into a random forest selector to classify the malicious code. In addition, a classification method based on a bidirectional long short-term memory network (BiLSTM) is proposed. The experimental results show that, under the same algorithm, multi-feature fusion gives higher classification accuracy than a single feature, and that the BiLSTM model classifies malicious code more accurately than traditional models such as random forest.

Keywords: malicious code; N-Gram; grayscale image texture features; bidirectional long short-term memory network

Classification code: TN918 [Electronics and Telecommunications: Communication and Information Systems]

 
