Malicious code detection based on feature fusion (基于特征融合的恶意代码检测)


Authors: LI Meng, LIU Wan-ping [1], HUANG Dong (College of Computer Science and Engineering, Chongqing University of Technology, Chongqing 400054, China; Key Laboratory of Advanced Manufacturing Technology of the Ministry of Education, Guizhou University, Guiyang 550025, China)

Affiliations: [1] College of Computer Science and Engineering, Chongqing University of Technology, Chongqing 400054, China; [2] Key Laboratory of Advanced Manufacturing Technology of the Ministry of Education, Guizhou University, Guiyang, Guizhou 550025, China

Source: Computer Engineering and Design (计算机工程与设计), 2024, No. 12, pp. 3568-3574 (7 pages)

Funding: Natural Science Foundation of Chongqing (cstc2021jcyj-msxmX0594); Chongqing University of Technology Graduate Education High-Quality Development Action Plan Achievement Fund (gzlcx20233228).

Abstract: Methods that rely on a single static feature for detection cannot cope with malicious code that has been processed by anti-detection techniques (packing, obfuscation and similar transformations of the file on disk). To address this problem, a malicious code detection approach based on feature fusion is proposed, in which static and dynamic features are used together. The global structural information of the malicious executable is converted into a bytecode image using a visualization method. Application programming interface (API) call sequences are obtained dynamically (the executable is run in the Cuckoo sandbox), and a grayscale map is generated from the API call frequencies. Spatial pyramid pooling (SPP) is introduced to construct a two-branch densely connected network model; the two feature images are fed to the two branches, features are extracted from each and then fused. Experimental results show that the proposed method improves the accuracy of malicious code detection.
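The two feature images the abstract describes, as an added example that is not the paper's code: the raw bytes of an executable laid out as a grayscale image (the static branch), an API call frequency map built from a dynamic call sequence (the dynamic branch), and a spatial pyramid pooling pass that turns each image, whatever its size, into a fixed-length vector before the two are concatenated. Everything specific here is my assumption, not taken from the paper: the image width and zero padding, the 16-entry API vocabulary and its square-grid layout, the scaling relative to the most frequent API, the pooling levels, and the plain concatenation that stands in for the paper's learned two-branch network. The API call sequence is constructed, not taken from any real sample.

```python
"""Added example (not the paper's code): build the static and dynamic feature
images the abstract describes, pool them to fixed length with spatial pyramid
pooling (SPP) and concatenate them. Pure Python, runs offline.

Assumptions (mine, not the paper's): image width, padding byte, the fixed API
vocabulary and its grid layout, the intensity scaling, the SPP levels, and the
concatenation fusion that replaces the paper's two-branch dense network.
"""
from collections import Counter
from typing import List, Sequence

# Constructed sample of a dynamic API call sequence, in the style of what a
# Cuckoo sandbox report yields. Not from any real sample.
SAMPLE_API_CALLS: List[str] = [
    "NtCreateFile", "NtReadFile", "NtReadFile", "VirtualAlloc", "NtWriteFile",
    "VirtualAlloc", "VirtualAlloc", "CreateRemoteThread", "NtReadFile", "RegOpenKeyExW",
]

# Fixed vocabulary (assumption): position in the list = pixel position in the map.
API_VOCAB: List[str] = [
    "NtCreateFile", "NtReadFile", "NtWriteFile", "VirtualAlloc",
    "WriteProcessMemory", "CreateRemoteThread", "RegOpenKeyExW", "RegSetValueExW",
    "InternetOpenA", "InternetConnectA", "HttpSendRequestA", "NtDelayExecution",
    "LdrLoadDll", "NtTerminateProcess", "CreateProcessInternalW", "NtProtectVirtualMemory",
]


def bytes_to_image(data: bytes, width: int = 256, pad: int = 0) -> List[List[int]]:
    """Static feature: one byte = one grayscale pixel (0..255), rows of `width`
    pixels. The image height therefore depends on the file size; the last row
    is padded with `pad`."""
    if width <= 0:
        raise ValueError("width must be positive")
    rows: List[List[int]] = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([pad] * (width - len(row)))
        rows.append(row)
    return rows


def api_frequency_map(calls: Sequence[str], vocab: Sequence[str] = API_VOCAB) -> List[List[int]]:
    """Dynamic feature: count each API in the sequence, place the counts on a
    square grid by vocabulary index, scale to 0..255 relative to the most
    frequent API. Calls outside the vocabulary are ignored (assumption)."""
    side = int(len(vocab) ** 0.5)
    if side * side != len(vocab):
        raise ValueError("vocabulary size must be a perfect square")
    counts = Counter(c for c in calls if c in vocab)
    peak = max(counts.values(), default=0)
    grid = [[0] * side for _ in range(side)]
    for idx, name in enumerate(vocab):
        if peak:
            grid[idx // side][idx % side] = round(255 * counts.get(name, 0) / peak)
    return grid


def spatial_pyramid_pool(image: List[List[int]], levels: Sequence[int] = (1, 2, 4)) -> List[int]:
    """Max-pool the image over a 1x1, 2x2, 4x4 ... grid of cells and concatenate
    the cell maxima. The output length is sum(l*l) regardless of image size,
    which is what lets variable-height bytecode images feed a fixed-size layer."""
    h = len(image)
    w = len(image[0]) if h else 0
    if h == 0 or w == 0:
        raise ValueError("empty image")
    out: List[int] = []
    for lvl in levels:
        for i in range(lvl):
            r0 = (i * h) // lvl
            r1 = min(max(((i + 1) * h) // lvl, r0 + 1), h)  # at least one row per cell
            for j in range(lvl):
                c0 = (j * w) // lvl
                c1 = min(max(((j + 1) * w) // lvl, c0 + 1), w)
                out.append(max(image[r][c] for r in range(r0, r1) for c in range(c0, c1)))
    return out


def fused_feature(data: bytes, calls: Sequence[str], levels: Sequence[int] = (1, 2, 4)) -> List[int]:
    """Concatenation-level fusion of the two branches (a stand-in for the paper's
    two-branch network, which learns the fusion instead of concatenating)."""
    static_vec = spatial_pyramid_pool(bytes_to_image(data), levels)
    dynamic_vec = spatial_pyramid_pool(api_frequency_map(calls), levels)
    return static_vec + dynamic_vec


if __name__ == "__main__":
    sample_bytes = bytes(range(10))  # constructed stand-in for an executable's bytes
    print(bytes_to_image(sample_bytes, width=4))
    print(api_frequency_map(SAMPLE_API_CALLS))
    print(len(fused_feature(sample_bytes, SAMPLE_API_CALLS)))
```

The point of the SPP step is visible in `fused_feature`: the bytecode image has as many rows as the file needs, yet the pooled vector always has 2 * (1 + 4 + 16) = 42 entries, so the two branches can be joined without resizing the image and losing the global structure the static branch is meant to capture.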

Keywords: malicious code; visualization; feature fusion; spatial pyramid pooling; Cuckoo sandbox; static features; dynamic features

Classification number: TP309 (Automation and Computer Technology: Computer System Architecture)
