Authors: 雷靖玮 (LEI Jing-wei); 伊鹏 (YI Peng); 陈祥 (CHEN Xiang) (Institute of Information Technology, Information Engineering University, Zhengzhou 450002, China)
Affiliation: [1] Institute of Information Technology, Information Engineering University, Zhengzhou, Henan 450002
Source: 《计算机工程与设计》 (Computer Engineering and Design), 2024, No. 2, pp. 356-366, 11 pages
Funding: National Key Research and Development Program of China (2020YFB1806402).
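Abstract: To address the excessively high false-positive rate of traditional PDF document detection, a detection model based on graph neural networks and deep learning, DGNN, is proposed. System call data produced by each thread while a document runs is collected to build the corresponding system call graphs, and the proposed H-index-based graph sampling strategy is applied to reduce the data size. The sampled subgraphs are the input to the DGNN model: a graph convolutional network extracts the association relations while deep learning extracts the attribute features of system call pairs, and the two sets of features are fused. Detection is completed by classifying the nature of the system call graph. Experimental results show that, compared with other methods, the model needs little time for feature extraction and training and effectively improves PDF document detection.

Focused on the issues that the traditional detection methods cannot cope with malicious PDF documents effectively and always result in false positives, a detection model based on graph neural network and deep learning (DGNN) was introduced. The tracking tool captured the system calls once opening a document, and system call graphs were constructed, accompanied by the division according to the threads. Simultaneously, a method of graph sampling based on the H-index was proposed for downscaling. The sampled subgraphs were used as the input of the model. Subsequently, the association relations were extracted through the graph convolution network, and the attribute features were extracted using deep learning for fusion. The final detection was completed according to the nature of system call graphs. Experimental results show that, compared with other methods, the proposed model has outstanding performances in feature extracting and training, effectively improving the accuracy of PDF detection.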
Keywords: PDF document detection; graph neural network; deep learning; graph sampling; feature analysis; performance evaluation; system call
Classification number: TP309.5 [Automation and Computer Technology: Computer System Architecture]