Multimodal Fusion Based Dynamic Malware Detection


Authors: LI Jianqiu [1]; LIU Wanping [1]; HUANG Dong; ZHANG Qiong

Affiliations: [1] College of Computer Science and Engineering, Chongqing University of Technology, Chongqing 400054, China; [2] Key Laboratory of Advanced Manufacturing Technology of the Ministry of Education, Guizhou University, Guiyang 550025, China; [3] Information Center, Chongqing Vocational and Technical University of Mechatronics, Chongqing 402760, China

Source: Computer Science (《计算机科学》), 2024, Issue S02, pp. 936-942 (7 pages)

Funding: Natural Science Foundation of Chongqing (cstc2021jcyj-msxmX0594).

Abstract: In recent years, the number of new types of malware has been increasing rapidly, and traditional signature-based malware detection methods are becoming ineffective in the face of these emerging threats, so there is an urgent need for new detection methods. To address this problem, a multimodal dynamic malware detection method is proposed. The method uses API call sequences as features, maps these API features into multimodal information, and employs two distinct neural network models to process the multimodal information and produce the detection result. Tested on multiple public datasets, the proposed method achieves a detection accuracy of up to 99.98%. The experiments show that the method has high accuracy and good generalization capability. Because the method requires no disassembly, it can also detect malware protected by packing techniques, which improves the robustness of the detection method.

Keywords: malware detection; multimodal fusion; deep learning

Classification: TP309.5 [Automation and Computer Technology: Computer System Architecture]
