Research on lightweight malware classification method based on image domain


Authors: SUN Jingzhang; CHENG Yinan; ZOU Binghui; QIAO Tonghua; FU Sizheng; ZHANG Qi; CAO Chunjie [1,2]

Affiliations: [1] School of Cyberspace Security (School of Cryptology), Hainan University, Haikou 570228, China; [2] Hainan Provincial Engineering Research Center of Cryptology and Cross-Border Data Security, Haikou 570228, China; [3] Faculty of Data Science, City University of Macao, Macao 999078, China

Source: Journal on Communications (《通信学报》), 2025, No. 3, pp. 187-198 (12 pages)

Funding: Supported by the Hainan Province Science and Technology Talent Innovation Fund (No. KJRC2023B13, No. KJRC2023D30).

Abstract: To address the high deployment costs and long prediction times associated with traditional malware family classification methods, a lightweight malware visualization classification method was proposed. Firstly, a contrast-limited bicubic interpolation and Gaussian blur (CBG) algorithm was introduced to solve the problems of imbalanced image sizes and excessive noise in malware images. Then, to address the difficulty of capturing relationships between malware features and the high complexity of existing attention modules, a lightweight channel attention mechanism was implemented. This mechanism guided the model to focus on more informative features, while depthwise separable convolution further reduced the number of model parameters. Experimental results on three large malware datasets, MalImg, BIG2015, and BODMAS, demonstrate that the proposed model achieved malware family classification accuracies of 99.68%, 99.45%, and 93.12%, with model sizes of 442 KB, 414 KB, and 423 KB, and prediction times of 14.12 ms, 11.09 ms, and 4.11 ms per image, respectively. This method demonstrates state-of-the-art performance in accuracy, model size, and inference speed.

Keywords: malware classification; image enhancement; lightweight model; lightweight channel attention

Classification number: TP309.5 [Automation and Computer Technology - Computer System Architecture]

 
