对抗训练驱动的恶意代码检测增强方法  被引量：5

作　　者：刘延华[1,2] 李嘉琪 欧振贵 高晓玲 刘西蒙 MENG Weizhi 刘宝旭 LIU Yanhua;LI Jiaqi;OU Zhengui;GAO Xiaoling;LIU Ximeng;MENG Weizhi;LIU Baoxu(College of Computer and Data Science,Fuzhou University,Fuzhou 350108,China;Fujian Provincial Key Laboratory of Networking Computing and Intelligent Information Processing,Fuzhou University,Fuzhou 350108,China;Department of Applied Mathematics and Computer Science,Technical University of Denmark,Copenhagen 2800,Denmark;Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China)

机构地区：[1]福州大学计算机与大数据学院,福建福州350108 [2]福建省网络计算与智能信息处理重点实验室,福建福州350108 [3]丹麦科技大学应用数学和计算机系,哥本哈根2800 [4]中国科学院信息工程研究所,北京100093

出　　处：《通信学报》2022年第9期169-180,共12页Journal on Communications

基　　金：国家自然科学基金资助项目(No.62072109,No.U1804263);福建省自然科学基金资助项目(No.2021J01625,No.2021J01616);福建省科技重大专项(科教联合)项目(No.2021HZ022007)。

摘　　要：为了解决恶意代码检测器对于对抗性输入检测能力的不足,提出了一种对抗训练驱动的恶意代码检测增强方法。首先,通过反编译工具对应用程序进行预处理,提取应用程序接口(API)调用特征,将其映射为二值特征向量。其次,引入沃瑟斯坦生成对抗网络,构建良性样本库,为恶意样本躲避检测器提供更加丰富的扰动组合。再次,提出了一种基于对数回溯法的扰动删减算法。将良性样本库中的样本以扰动的形式添加到恶意代码中,对添加的扰动进行二分删减,以较少的查询次数减少扰动的数量。最后,将恶意代码对抗样本标记为恶意并对检测器进行重训练,提高检测器的准确性和稳健性。实验结果表明,生成的恶意代码对抗样本可以躲避目标检测器的检测。此外,对抗训练提升了目标检测器的准确率和稳健性。To solve the deficiency of the malicious code detector’s ability to detect adversarial input,an adversarial training driven malicious code detection enhancement method was proposed.Firstly,the applications were preprocessed by a decompiler tool to extract API call features and map them into binary feature vectors.Secondly,the Wasserstein generative adversarial network was introduced to build a benign sample library to provide a richer combination of perturbations for malicious sample evasion detectors.Then,a perturbation reduction algorithm based on logarithmic backtracking was proposed.The benign samples were added to the malicious code in the form of perturbations,and the added benign perturbations were culled dichotomously to reduce the number of perturbations with fewer queries.Finally,the adversarial malicious code samples were marked as malicious and the detector was retrained to improve its accuracy and robustness of the detector.The experimental results show that the generated malicious code adversarial samples can evade the detector well.Additionally,the adversarial training increases the target detector’s accuracy and robustness.

关 键 词：对抗训练 检测增强 生成对抗网络 扰动删减 

分 类 号：TN92[电子电信—通信与信息系统]