Authors: 孙世淼, 刘亚姝, 严寒冰 (SUN Shi-miao; LIU Ya-shu; YAN Han-bing)
Affiliations: [1] School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing 102616, China; [2] Operations Department, National Internet Emergency Center, Beijing 100029, China
Source: Computer Engineering and Design (《计算机工程与设计》), 2024, No. 8, pp. 2272-2280, 9 pages
Funding: National Key R&D Program of China (2018YFB0803604).
Abstract: With the increase in the number and types of malware, research on malware visualization has encountered a bottleneck in improving detection efficiency. To improve accuracy, a malware visualization method based on improved multi-order Markov probability is proposed from the perspective of the frequency domain. The correlation between adjacent bytes and the byte distribution of assembly instructions of different lengths are fully considered in the malware visualization process. Markov probabilities of different orders are calculated according to instruction length, and multi-order Markov images are obtained to expand the sample size. The IM-CNN (image of multi-order Markov-CNN) detection framework is constructed by integrating deep learning for classification and detection. The results show that the accuracy of IM-CNN on both the CNCERT and BIG2015 datasets can reach 99%, and that IM-CNN is less affected by the balance of the malware dataset.
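Keywords: network security; malware; visualization; Markov; deep learning; convolutional neural network; classification detection
Classification number: TP309 [Automation and Computer Technology - Computer System Architecture]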