基于深度可分离卷积的多神经网络恶意代码检测模型  被引量：12

作　　者：蒋瑞林 覃仁超[1] JIANG Ruilin;QIN Renchao(School of Computer Science and Technology,Southwest University of Science and Technology,Mianyang Sichuan 621010,China)

机构地区：[1]西南科技大学计算机科学与技术学院,四川绵阳621010

出　　处：《计算机应用》2023年第5期1527-1533,共7页journal of Computer Applications

基　　金：四川省科技计划项目(2022YFG0339)。

摘　　要：针对传统的恶意代码检测方法存在成本过高和检测结果不稳定等问题,提出一种基于深度可分离卷积的多神经网络恶意代码检测模型。该模型使用深度可分离卷积(DSC)、SENet(Squeeze-and-Excitation Network)通道注意力机制和灰度共生矩阵(GLCM),通过三个轻型神经网络与灰度图像纹理特征分类并联检测恶意代码家族及其变种,将多个强分类器检测结果通过朴素贝叶斯分类器融合,在提高检测准确率的同时减少网络计算开销。在MalVis+良性数据的混合数据集上的实验结果表明,该模型对恶意代码家族及其变种的检测准确率达到97.43%,相较于ResNet50、VGGNet模型分别提高了6.19和2.29个百分点,而它的参数量只有ResNet50模型的68%和VGGNet模型的13%;在malimg数据集上该模型的检测准确率达到99.31%。可见,所提模型检测效果较好,且参数量也有所降低。Concerning of the problems of high cost and unstable detection results of the traditional malicious code detection methods,a multi-neural network malicious code detection model based on depthwise separable convolution was proposed.By using the Depthwise Separable Convolution(DSC),SENet(Squeeze-and-Excitation Network)channel attention mechanism and Grey Level Co-occurrence Matrix(GLCM),three lightweight neural networks were connected with GLCM in parallel to detect malicious code families and their variants,then the detection results of multiple strong classifiers were fused via Naive Bayes classifier to improve the detection accuracy while reducing the computational cost.Experimental results on the hybrid dataset of MalVis+benign data show that the proposed model achieved the accuracy of 97.43%in the detection of malicious code families and their variants,which was 6.19 and 2.29 percentage points higher than those of ResNet50 and VGGNet models respectively,while its parameter quantity is only 68%of that of ResNet50 model and 13%of that of VGGNet model.On malimg dataset,the detection accuracy of this model achieved 99.31%.In conclusion,the proposed model has good detection effect with reduced parameters.

关 键 词：恶意代码 神经网络 深度可分离卷积 SENet 通道注意力机制 灰度共生矩阵 

分 类 号：TP309.5[自动化与计算机技术—计算机系统结构]