Authors: WANG Jinwei [1,2,3]; CHEN Zhengjia; XIE Xue; LUO Xiangyang; MA Bin [7]
Affiliations: [1] Engineering Research Center of Digital Forensics, Ministry of Education, Nanjing University of Information Science and Technology, Nanjing 210044, Jiangsu, China [2] School of Computer Science, Nanjing University of Information Science and Technology, Nanjing 210044, Jiangsu, China [3] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, Henan, China [4] School of Cyberspace Security, University of Science and Technology of China, Hefei 230031, Anhui, China [5] China Aerospace Academy of Systems Science and Engineering, Beijing 100048, China [6] Information Engineering University, Zhengzhou 450001, Henan, China [7] School of Cyberspace Security, Qilu University of Technology, Jinan 250353, Shandong, China
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2023, Issue 5, pp. 1-20 (20 pages)
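Funding: National Natural Science Foundation of China (62072250, 62172435, U1804263, U20B2065, 61872203, 71802110, 61802212); Zhongyuan Science and Technology Innovation Leading Talent Project (214200510019); Natural Science Foundation of Jiangsu Province (BK20200750); Open Fund of the Henan Key Laboratory of Cyberspace Situation Awareness (HNTS2022002); Jiangsu Province Postgraduate Research and Practice Innovation Program (KYCX200974); Open Project of the Guangdong Provincial Key Laboratory of Information Security Technology (2020B1212060078); Open Project Fund of the Shandong Provincial Key Laboratory of Computer Networks (SDKLCN-2022-05).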
Abstract: With the rapid advancement of technology, network security faces a significant challenge due to the proliferation of malicious software and its variants. Such malicious software uses various technical tactics to deceive or bypass traditional detection methods, rendering conventional non-visual detection techniques inadequate. In recent years, data visualization has gained considerable attention in the academic community as a powerful approach for detecting and classifying malicious software. By visually representing the key features of malicious software, these methods greatly enhance the accuracy of malware detection and classification, opening up extensive research opportunities in the field of cyber security. An overview of traditional non-visual detection techniques and visualization-based methods in the realm of malicious software detection was provided. Traditional non-visual approaches for malicious software detection, including static analysis, dynamic analysis, and hybrid techniques, were introduced. Subsequently, a comprehensive survey and evaluation of prominent contemporary visualization-based methods for detecting malicious software were undertaken. This primarily encompassed the integration of visualization with machine learning and visualization combined with deep learning, each of which exhibits distinct advantages and characteristics within the domain of malware detection and classification. Consequently, the holistic consideration of several factors, such as dataset size, computational resources, time constraints, model accuracy, and implementation complexity, is necessary for the selection of detection and classification methods. In conclusion, the challenges currently faced by detection technologies are summarized, and a forward-looking perspective on future research directions in the field is provided.
Keywords: machine learning; deep learning; data visualization; malware detection and classification
Classification code: TP309 [Automation and Computer Technology - Computer System Architecture]