Deep visualization classification method for malicious code based on Ngram-TFIDF

Cited by: 1


Authors: WANG Jinwei[1]; CHEN Zhengjia; XIE Xue; LUO Xiangyang[3]; MA Bin

Affiliations: [1] School of Computer, Nanjing University of Information Science and Technology, Nanjing 210044, China; [2] School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230031, China; [3] School of Cyber Science and Technology, Information Engineering University, Zhengzhou 450001, China; [4] School of Cyberspace Security, Qilu University of Technology, Jinan 250353, China

Source: Journal on Communications (《通信学报》), 2024, Issue 6, pp. 160-175 (16 pages)

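Funding: National Natural Science Foundation of China (No.62072250, No.62172435, No.U20B2065); Zhongyuan Science and Technology Innovation Leading Talent Fund (No.214200510019); Natural Science Foundation of Jiangsu Province (No.BK20200750); Open Fund of the Henan Key Laboratory of Cyberspace Situation Awareness (No.HNTS2022002); Open Project Fund of the Shandong Provincial Key Laboratory of Computer Networks (No.SDKLCN-2022-05).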

Abstract: With the continuous increase in the scale and variety of malware, traditional malware analysis methods, which rely on manual feature extraction, have become time-consuming and error-prone and are no longer suitable. To improve detection efficiency and accuracy, a deep visualization classification method for malicious code based on Ngram-TFIDF is proposed. The malware dataset is processed by combining N-gram and TF-IDF techniques and transformed into grayscale images. Subsequently, CBAM is introduced and the number of dense blocks is adjusted to construct the DenseNet88_CBAM network model for grayscale image classification. Experimental results demonstrate that the proposed method achieves superior classification performance, with accuracy improvements of 1.11% and 9.28% in malware family classification and type classification, respectively.

Keywords: deep learning; data visualization; malicious code detection and classification

Classification code: TP309 [Automation and Computer Technology - Computer System Architecture]

 
