摘要
近年来,恶意代码变种层出不穷,恶意软件更具隐蔽性和持久性,亟需快速有效的检测方法来识别恶意样本。针对现状,文中提出了一种基于知识蒸馏的恶意代码家族检测方法,该模型通过逆向反编译恶意样本,利用恶意代码可视化技术将二进制文本转为图像,以此避免对传统特征工程的依赖。在教师网络模型中采用残差网络,在提取图像纹理深层次特征的同时,引入通道域注意力机制,根据通道权重的变化,来提取图像中的关键信息。为了加快对待检测样本的识别效率,解决基于深度神经网络检测模型参数量大和计算资源消耗严重等问题,使用教师网络模型来指导学生网络模型训练,实验结果表明学生网络在降低模型复杂度的同时,保持了恶意代码家族的检测效果,有利于对批量样本的检测和移动端的部署。
In recent years,the variety of malicious code emerges in an endless stream,and malware is more covert and persistent.It is urgent to identify malicious samples by rapid and effective detection methods.Aiming at the present situation,a method of malicious code family detection based on knowledge distillation is proposed.The model decompiles malicious samples in reverse and transforms binary text into images by malicious code visualization technology,so as to avoid dependence on traditional feature engineering.In the teacher network model,residual network is used to extract the deep-seated features of image texture,and channel domain attention mechanism is introduced to extract the key information from the image according to the change of channel weight.In order to speed up the identification efficiency of the samples to be tested and solve the problems of large parameters and serious consumption of computing resources based on deep neural network detection model,the teacher network model is used to guide the training of the student network model.The results show that the student network maintains the detection effect of malicious code family on the basis of reducing the complexity of the model.It is conducive to the detection of batch samples and the deployment of mobile terminal.
作者
王润正
高见
黄淑华
仝鑫
WANG Run-zheng;GAO Jian;HUANG Shu-hua;TONG Xin(College of Information and Cyber Security,People’s Public Security University of China,Beijing 100038,China;Key Laboratory of Safety Precautions and Risk Assessment,Beijing 102623,China)
出处
《计算机科学》
CSCD
北大核心
2021年第1期280-286,共7页
Computer Science
基金
国家重点研发计划
国家社会科学基金重点项目(20AZD114)
公安部科技强警基础工作2020专项(2020GABJC01)
中国人民公安大学中央基本科研业务费项目(2019JKF218)。
关键词
恶意家族
知识蒸馏
注意力机制
残差网络
Malicious family
Knowledge distillation
Attention mechanism
Residual network
