Authors: XIE Li-Xia [1]; WEI Chen-Yang; YANG Hong-Yu [1,2]; HU Ze; CHENG Xiang; ZHANG Liang
Affiliations: [1] School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300; [2] School of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300; [3] School of Information Engineering, Yangzhou University, Yangzhou, Jiangsu 225127; [4] Key Laboratory of Civil Aviation Flight Networking, Civil Aviation University of China, Tianjin 300300; [5] School of Information, The University of Arizona, Tucson 85721, USA
Source: Chinese Journal of Computers (《计算机学报》), 2025, No. 3, pp. 650-674 (25 pages)
Funding: Supported by the Key Program of the Civil Aviation Joint Research Fund of the National Natural Science Foundation of China (U2433205); the National Natural Science Foundation of China (62201576, U1833107); the Youth Fund of the Natural Science Foundation of the Jiangsu Province Basic Research Program (BK20230558); and the Open Fund of the Key Laboratory of Civil Aviation Flight Networking, Civil Aviation University of China (MIIFLW202304).
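Abstract: Malware detection and classification is an effective way to discover and eliminate potential threats and to identify malware families, and it plays a key role in tasks such as personal privacy protection and system security maintenance. When facing new malware variants that use complex obfuscation techniques, traditional detection and classification methods suffer from low detection accuracy, high false positive rates, and high computational cost. Against this background, using deep learning-based imaging methods to solve the malware detection and classification problem has gradually become a research hotspot. Therefore, to comprehensively summarize and analyze the application of imaging methods in malware detection and classification, this paper first outlines the definition of malware, its development history, and commonly used obfuscation and evasion techniques, and discusses the limitations of detection and classification methods based on static analysis, dynamic analysis, and machine learning, especially their shortcomings in dealing with complex obfuscation techniques and unknown variants. It then systematically summarizes the latest research progress on imaging-based detection methods in recent years, comprehensively evaluates how the approach performs when detecting malware of different types and on different platforms (Windows, Android, IoT), and analyzes in depth its advantages in improving detection and classification accuracy, countering advanced obfuscation techniques, and handling new malware variants. Finally, the paper introduces and analyzes the datasets available for evaluating experimental model performance, discusses in depth the challenges currently facing imaging-based detection and classification methods, and gives an outlook on future research directions.

The detection and classification of malware are essential processes for identifying potential threats, recognizing malware families, and mitigating security risks. These tasks are critical in various applications, such as personal privacy protection and system security maintenance. However, traditional malware detection and classification methods face significant challenges, particularly when encountering new malware variants that employ advanced obfuscation techniques. Specifically, these methods often suffer from low detection accuracy, high false positive rates, and substantial computational costs. As a result, the growing complexity of malware has made it increasingly difficult for traditional approaches to maintain the effectiveness needed for real-time security applications. In response to these limitations, deep learning-based imaging techniques have emerged as a significant area of research, offering potential solutions to the problems associated with traditional detection methods. This paper aims to provide a comprehensive review and analysis of the application of imaging techniques in malware detection and classification. Initially, the paper presents an overview of malware, defining its characteristics, tracing its evolution, and discussing the commonly used obfuscation and evasion techniques that enable malware to evade traditional detection methods. Furthermore, the limitations of conventional detection techniques, including static analysis, dynamic analysis, and machine learning-based methods, are explored in detail. These traditional approaches often struggle to effectively address the challenges posed by complex obfuscation strategies and previously unknown malware variants, which limit their overall effectiveness in real-world scenarios. The growing sophistication of malware continues to expose the weaknesses in these conventional methods, underscoring the need for innovative solutions. Following this, the paper systematically summarizes the latest research advancements in imaging-based malware detection methods. This involves tran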
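Keywords: malware; detection and classification; obfuscation techniques; deep learning; imaging methods; datasets
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]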