TriCh-LKRepNet:融合三通道映射与结构重参数化的大核卷积恶意代码分类网络  被引量：1

作　　者：李思聪 王坚[1] 宋亚飞[1] 王硕 LI Si-cong;WANG Jian;SONG Ya-fei;WANG Shuo(Air and Missile Defense College,Air Force Engineering University,Xi’an,Shaanxi 710051,China;Unit of 95285 of the PLA,Guilin,Guangxi 541000,China)

机构地区：[1]空军工程大学防空反导学院,陕西西安710051 [2]中国人民解放军95285部队,广西桂林541000

出　　处：《电子学报》2024年第7期2331-2340,共10页Acta Electronica Sinica

基　　金：国家自然科学基金(No.61806219,No.61703426,No.61876189);陕西省自然科学基金(No.2021Jm^(2)26);陕西省高校科协青年人才托举计划(No.20190108,No.20220106);陕西省创新能力支撑计划(No.2020KJXX-065)~~。

摘　　要：随着网络威胁的日益严峻,恶意代码的检测与分类变得尤为关键.传统分析方法依赖手动特征提取,不仅耗时且难以跟上恶意代码的快速变异.相比之下,深度学习技术在恶意代码分类方面展现出巨大潜力.然而,模型复杂度和资源消耗仍是实际部署的难题.本研究提出了TriCh-LKRepNet(Triple-Channel Large Kernel Reparameterisation Network),该网络专注于轻量化设计,旨在确保检测性能的同时降低计算和内存需求.通过提出的三通道映射技术,将恶意代码的多维信息有效转换为图像通道,增强了特征的区分性.结合卷积神经网络(Convolutional Neural Networks,CNN)和Transformer的优势,设计了一个高效的深度学习架构,并通过重参数化技术优化了连接路径,以降低内存消耗并提升运行效率.此外,引入的线性训练时间过参数化和大卷积核技术进一步降低了模型的参数量和计算负担.通过实验证明,TriCh-LKRepNet在提升恶意代码分类精度的同时实现了模型的轻量化,与现有技术相比,展现出更佳的性能和更广泛的应用潜力,特别是在资源受限和需要实时检测的环境中,提供了一种有效的解决方案.With the increasing severity of cyber threats,the detection and classification of malicious code has become particularly critical.Traditional analysis methods rely on manual feature extraction,which is time-consuming and difficult to keep up with the rapid mutation of malicious code.In contrast,deep learning techniques show great potential for mali⁃cious code classification.However,model complexity and resource consumption are still challenges for practical deploy⁃ment.In this study,we propose the TriCh-LKRepNet(Triple-Channel Large Kernel Reparameterisation Network),which fo⁃cuses on lightweight design and aims to ensure detection performance while reducing computation and memory require⁃ments.Through the proposed three-channel mapping technique,the multi-dimensional information of malicious code is ef⁃fectively converted into image channels,which enhances the differentiation of features.An efficient deep learning architec⁃ture is designed by combining the advantages of convolutional neural networks(CNN)and Transformer,and the connection paths are optimized by a reparameterization technique to reduce the memory consumption and enhance the operation effi⁃ciency.In addition,the introduced linear training time over-parameterization and large convolutional kernel techniques fur⁃ther reduce the number of parameters and computational burden of the model.It is experimentally demonstrated that TriCh-LKRepNet improves the malicious code classification accuracy while realizing the model's lightweight,which shows better performance and wider application potential than existing techniques, especially in resource-constrained environmentswhere real-time detection is required, providing an effective solution.

关 键 词：恶意代码分类 恶意代码可视化 结构重参数化 大卷积核 汇编信息 语义关系 

分 类 号：TP309.5[自动化与计算机技术—计算机系统结构]