| 基于静态多特征融合的恶意软件分类方法 |
| |
| 作者姓名: | 孙博文 黄炎裔 温俏琨 田斌 吴鹏 李祺 |
| |
| 作者单位: | 1. 北京邮电大学网络空间安全学院天地互联与融合北京市重点实验室,北京 100876;2. 北京邮电大学国际学院,北京 100876;3. 中国信息安全测评中心,北京 100085;4. 四川大学计算机学院,四川 成都 610015 |
| |
| 基金项目: | 国家自然科学基金资助项目(U1536119);国家自然科学基金资助项目(61401038) |
| |
| 摘 要: | 近年来,恶意软件呈现出爆发式增长势头,新型恶意样本携带变异性和多态性,通过多态、加壳、混淆等方式规避传统恶意代码检测方法。基于大规模恶意样本,设计了一种安全、高效的恶意软件分类的方法,通过提取可执行文件字节视图、汇编视图、PE 视图3个方面的静态特征,并利用特征融合和分类器集成学习2种方式,提高模型的泛化能力,实现了特征与分类器之间的互补,实验证明,在样本上取得了稳定的F1-score(93.56%)。
|
| 关 键 词: | 恶意软件 家族分类 静态分析 机器学习 模型融合 |
Malware classification method based on static multiple-feature fusion |
| |
| Authors: | Bo-wen SUN Yan-yi HUANG Qiao-kun WEN Bin TIAN Peng WU Qi LI |
| |
| Affiliation: | 1. Beijing Key Laboratory of Interconnection and Integration,School of Cyberspace Security,Beijing University of Post and Telecommunications,Beijing 100876,China;2. International School,Beijing University of Post and Telecommunications,Beijing 100876,China;3. China Information Technology Security Evaluation Center,Beijing 100085,China;4. College of Computer Science Sichuan University,Chengdu 610015,China |
| |
| Abstract: | In recent years,the amount of the malwares has tended to rise explosively.New malicious samples emerge as variability and polymorphism.By means of polymorphism,shelling and confusion,traditional ways of detecting can be avoided.On the basis of massive malicious samples,a safe and efficient method was designed to classify the mal-wares.Extracting three static features including file byte features,assembly features and PE features,as well as im-proving generalization of the model through feature fusion and ensemble learning,which realized the complementarity between the features and the classifier.The experiments show that the sample achieve a stable F1-socre (93.56%). |
| |
| Keywords: | malware family classification static analysis machine learning model fusion |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
