Abstract
With the continuous increase in the scale and variety of malware, traditional malware analysis methods, which rely on manual feature extraction, have become time-consuming and error-prone, rendering them unsuitable. To improve detection efficiency and accuracy, a deep visualization classification method for malicious code based on Ngram-TFIDF was proposed. The malware dataset was processed by combining N-gram and TF-IDF techniques and transformed into grayscale images. Subsequently, CBAM was introduced and the number of dense blocks was adjusted to construct the DenseNet88_CBAM network model for grayscale image classification. Experimental results demonstrate that the proposed method achieves superior classification performance, with accuracy improvements of 1.11% and 9.28% in malware family classification and type classification, respectively.
Authors
WANG Jinwei; CHEN Zhengjia; XIE Xue; LUO Xiangyang; MA Bin (School of Computer, Nanjing University of Information Science and Technology, Nanjing 210044, China; School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230031, China; School of Cyber Science and Technology, Information Engineering University, Zhengzhou 450001, China; School of Cyberspace Security, Qilu University of Technology, Jinan 250353, China)
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journal
2024, No. 6, pp. 160-175 (16 pages)
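Funding
National Natural Science Foundation of China (No.62072250, No.62172435, No.U20B2065)
Zhongyuan Science and Technology Innovation Leading Talent Fund (No.214200510019)
Natural Science Foundation of Jiangsu (No.BK20200750)
Open Fund of the Henan Key Laboratory of Cyberspace Situation Awareness (No.HNTS2022002)
Open Project Fund of the Shandong Key Laboratory of Computer Networks (No.SDKLCN-2022-05).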
Keywords
deep learning
data visualization
malicious code detection and classification