
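Research on Application of Attention-CNN in Malware Detection
Cite this article: MA Dan, WAN Liang, CHENG Qiqin, SUN Zhiqiang. Research on Application of Attention-CNN in Malware Detection[J]. Journal of Frontier of Computer Science and Technology, 2021, 15(4): 670-681. DOI: 10.3778/j.issn.1673-9418.2004069
Authors: MA Dan, WAN Liang, CHENG Qiqin, SUN Zhiqiang
Affiliation: College of Computer Science and Technology, Guizhou University, Guiyang 550025; Institute of Computer Software and Theory, Guizhou University, Guiyang 550025
Abstract: Malware attacks have become one of the most important threats to the Internet, and existing malware is large in volume and diverse in its features. To better extract malware features and understand malware behavior, an attention-based malware detection model, Attention-CNN, is proposed. First, a convolutional neural network (CNN) is combined with the attention mechanism to build the Attention-CNN malware detection model; then the malware is converted into gray-scale images...

Keywords: malware detection, convolutional neural network (CNN), attention mechanism, byte sequences, manual analysis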

Research on Application of Attention-CNN in Malware Detection
MA Dan, WAN Liang, CHENG Qiqin, SUN Zhiqiang. Research on Application of Attention-CNN in Malware Detection[J]. Journal of Frontier of Computer Science and Technology, 2021, 15(4): 670-681. DOI: 10.3778/j.issn.1673-9418.2004069
Authors: MA Dan, WAN Liang, CHENG Qiqin, SUN Zhiqiang
Affiliation: College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China
Abstract: Malware attacks have become one of the major threats to the Internet. Moreover, existing malware is large in volume and diverse in its features. To better extract malware features and understand malware behavior, an attention-based malware detection model, Attention-CNN, is proposed. First, Attention-CNN is constructed by combining a convolutional neural network (CNN) with the attention mechanism. Second, malware samples are transformed into gray-scale images that serve as the input of the detection model. The attention maps and detection results for each sample are obtained by training and testing the Attention-CNN model. Finally, the important byte sequences extracted from the attention map are used for manual analysis to reveal the behavior of the malware. Experimental results show that Attention-CNN achieves better detection results than SVM (support vector machine), random forest, J48.trees and a CNN without the attention mechanism. Attention-CNN also improves detection accuracy by 4.3 percentage points compared with vsNet. In addition, the important byte sequences extracted from the attention map effectively reduce the burden of manual analysis and expose the relevant malware behavior, which compensates for the lack of interpretability of malware detection based on gray-scale images.
Keywords: malware detection, convolutional neural network (CNN), attention mechanism, byte sequences, manual analysis
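
The two data-handling steps the abstract describes (bytes to a gray-scale image, and attention map back to byte sequences for manual analysis), as an added Python example that is not the paper's code. The image width, attention threshold, gap bridging, sample bytes and attention values are all assumptions constructed for illustration, and a hand-made attention map stands in for the trained Attention-CNN.

```python
# Added illustration; width, threshold, max_gap and all sample data are assumptions.

def bytes_to_image(data: bytes, width: int = 16):
    """Lay bytes out row by row as a gray-scale image (one byte = one pixel, 0-255)."""
    padded = data + b"\x00" * (-len(data) % width)  # zero-pad the last row
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def important_ranges(attention, width, data_len, threshold=0.5, max_gap=1):
    """Map attention cells >= threshold back to (start, end) byte offsets.

    attention has the same shape as the image. Cells that fall in the padding
    are ignored, and runs separated by at most max_gap low-attention bytes
    are bridged into one sequence. end is exclusive.
    """
    hot = [r * width + c
           for r, row in enumerate(attention)
           for c, a in enumerate(row)
           if a >= threshold and r * width + c < data_len]
    ranges = []
    for off in hot:  # hot is already in ascending offset order
        if ranges and off - ranges[-1][1] <= max_gap:
            ranges[-1][1] = off + 1
        else:
            ranges.append([off, off + 1])
    return [(s, e) for s, e in ranges]

# Constructed 44-byte sample: filler, an imported API name, more filler.
SAMPLE = bytes(range(20)) + b"CreateFileA\x00" + bytes(range(12))
WIDTH = 16

def constructed_attention():
    """Hand-made attention map: high over offsets 20-30 with a hole at 25,
    plus one high cell in the padding (offset 46) that must be ignored."""
    rows = len(bytes_to_image(SAMPLE, WIDTH))
    att = [[0.1] * WIDTH for _ in range(rows)]
    for off in list(range(20, 25)) + list(range(26, 31)) + [46]:
        att[off // WIDTH][off % WIDTH] = 0.9
    return att

def demo():
    """Return (offset range, bytes) pairs an analyst would review."""
    spans = important_ranges(constructed_attention(), WIDTH, len(SAMPLE))
    return [((s, e), SAMPLE[s:e]) for s, e in spans]

if __name__ == "__main__":
    for span, seq in demo():
        print(span, seq)
```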
This article has been indexed by VIP, Wanfang Data and other databases.