检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:Jingwei Hao Senlin Luo Limin Pan
出 处:《Computer Systems Science & Engineering》2023年第7期719-734,共16页计算机系统科学与工程(英文)
基 金:This work is supported in part by the Information Security Software Project(2020)of the Ministry of Industry and Information Technology,PR China under Grant CEIEC-2020-ZM02-0134.
摘 要:The byte stream is widely used in malware detection due to its independence of reverse engineering.However,existing methods based on the byte stream implement an indiscriminate feature extraction strategy,which ignores the byte function difference in different segments and fails to achieve targeted feature extraction for various byte semantic representation modes,resulting in byte semantic confusion.To address this issue,an enhanced adversarial byte function associated method for malware backdoor attack is proposed in this paper by categorizing various function bytes into three functions involving structure,code,and data.The Minhash algorithm,grayscale mapping,and state transition probability statistics are then used to capture byte semantics from the perspectives of text signature,spatial structure,and statistical aspects,respectively,to increase the accuracy of byte semantic representation.Finally,the three-channel malware feature image is constructed based on different function byte semantics,and a convolutional neural network is applied for detection.Experiments on multiple data sets from 2018 to 2021 show that the method can effectively combine byte functions to achieve targeted feature extraction,avoid byte semantic confusion,and improve the accuracy of malware detection.
关 键 词:Byte function malware backdoor attack semantic representation model visualization
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:3.138.174.90