摘要
深度学习赋能的恶意代码攻防研究已经成为网络安全领域中的热点问题.当前还没有针对这一热点问题的相关综述,为了及时跟进该领域的最新研究成果,本文首先分析并总结了恶意代码攻击的一般流程.基于该攻击流程,本文对深度学习的赋能攻击点和赋能防御点进行了定位,将深度学习助力攻击的技术分为5类:(1)基于对抗样本生成的自动化免杀;(2)基于自然语言生成的自动化网络钓鱼;(3)基于神经网络的精准定位与打击;(4)基于生成对抗网络的流量模仿;(5)基于黑盒模型的攻击意图隐藏,并将深度学习助力防御的新型技术分为3类:(1)基于深度学习的恶意代码查杀;(2)自动化网络钓鱼识别;(3)深度学习赋能的恶意行为检测;其次,基于以上分类,本文对恶意代码攻防研究中的前沿技术进行了综述,并从技术原理、实际可行性、发展趋势等不同的角度对这些技术进行了深入剖析;再者,由于深度学习的伴生安全问题与其在恶意代码攻防领域的赋能安全问题紧密相关,本文对其中代表性的模型后门攻击与防御的相关技术也进行了关注;之后,本文分析并总结了当前深度学习赋能的恶意代码攻防研究领域中的主要研究方向,并对其未来的发展趋势进行了讨论;最后,深度学习赋能的恶意代码攻防研究才刚刚起步,基于恶意代码攻击链的更多可能的赋能攻击与防御点有待研究者继续探索和发掘.此外,深度学习助力恶意代码攻防的一大挑战是数据集的限制,如何建立有效、公开的数据集供研究者使用,这也是一个非常值得思考和研究的问题.
The research on deep learning-powered malware attack and defense techniques has become a hot issue in the field of cybersecurity.To the best of our knowledge,there are no relevant review on this burning issue at present,and our review is the first work.In order to follow up on the latest research results in this field,this article first analyzes and summarizes the general malware attack process.Based on this attack process,this article locates the attack points and defense points powered by deep learning.The deep learning-assisted attack technologies are divided into five categories:(1) Automated virus evasion based on adversarial sample generation,corresponding to the "preparation" stage in the malware attack process,(2) Automated phishing based on natural language generation,corresponding to the "delivery" stage in the malware attack process,(3) Pinpoint and strike based on neural networks,corresponding to the "impact"stages in the malware attack process,(4) Traffic imitation based on generative adversarial networks,corresponding to the "command and control"and "evasion" stages in the malware attack process,(5) The black-box model-based attack intent hiding,corresponding to the "evasion" stage in the malware attack process.In addition,the deep learning-assisted defense technologies are divided into three categories:(1) Malware resistance based on deep learning,which is a defense technology for the "engagement"and "presence"stages;(2) Automated phishing recognition,which is a defense technology for the "delivery" stage;and(3) Malicious behavior detection powered by deep learning,which is a defense technology for the two stages of "impact" and "command and control".Secondly,based on the above classification,this article reviews the cutting-edge technologies in this field.Also,it analyzes these technologies in depth from different perspectives,such as technical principles,practical feasibility,and development trends.Furthermore,due to the accompanying security issues of deep learning is closely related to deep lea
作者
冀甜甜
方滨兴
崔翔
王忠儒
甘蕊灵
韩宇
余伟强
JI Tian-Tian;FANG Bin-Xing;CUI Xiang;WANG Zhong Ru;GAN Rui-Lingl;HAN Yu;YU Wei-Qiang(Kesy Laboralory of Trustworihy Dislribuled Compuling and Service(BUPT),Minislry of Educalion,Beijing Universily of Posls and Telecommunicalions,Beijing,100876;Cyberspace Insiule of Advanced Technology,Gruang zhou Universily,Gruangzhou,51006;Chinese Academy of Cybers pace Suudies.Beijing,100010;Beijing DigApis TechnologyCo.,Lld,Beijing,100081)
出处
《计算机学报》
EI
CAS
CSCD
北大核心
2021年第4期669-695,共27页
Chinese Journal of Computers
基金
广东省重点领域研发计划(2019B010137004,2019B010136003)
北京邮电大学博士生创新基金资助项目(CX2019115)资助。
关键词
恶意代码
深度学习
赋能攻击
赋能防御
攻击链
malware
deep learning
AI-Powered Attack
AI-Powered Defense
attack chain
