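1. School of Computer Science, Nanjing University of Information Science and Technology, Nanjing, Jiangsu 210044
2. School of Cyberspace Security, University of Science and Technology of China, Hefei, Anhui 230031
3. School of Cyberspace Security, Information Engineering University, Zhengzhou, Henan 450001
4. School of Cyberspace Security, Qilu University of Technology, Jinan, Shandong 250353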
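WANG Jinwei (1978- ), male, born in Hulunbuir, Inner Mongolia, Ph.D., professor at Nanjing University of Information Science and Technology. His main research interests are multimedia copyright protection, multimedia forensics, multimedia encryption and data authentication.
CHEN Zhengjia (1999- ), male, born in Xuzhou, Jiangsu, master's student at Nanjing University of Information Science and Technology. His main research interests are network security, information security and malware detection.
XIE Xue (1989- ), male, born in Changchun, Jilin, Ph.D. candidate at the University of Science and Technology of China. His main research interests are network security and multimedia forensics.
LUO Xiangyang (1978- ), male, born in Jingmen, Hubei, professor at Information Engineering University. His main research interests are image steganography and steganalysis techniques.
MA Bin (1973- ), male, born in Jining, Shandong, professor at Qilu University of Technology. His main research interests are reversible information hiding, multimedia forensics, steganography and steganalysis.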
Received: 2023-11-28
Revised: 2024-05-27
Published in print: 2024-06-25
WANG Jinwei, CHEN Zhengjia, XIE Xue, et al. Deep visualization classification method for malicious code based on Ngram-TFIDF[J]. Journal on Communications, 2024, 45(06): 160-175. DOI: 10.11959/j.issn.1000-436x.2024115.
With the continuous increase in the scale and variety of malware, traditional malware analysis methods, which rely on manual feature extraction, have become time-consuming and error-prone and are no longer suitable. To improve detection efficiency and accuracy, a deep visualization classification method for malicious code based on Ngram-TFIDF was proposed. The malware dataset was processed by combining N-gram and TF-IDF techniques and transformed into grayscale images. Subsequently, the CBAM was introduced and the number of dense blocks was adjusted to construct the DenseNet88_CBAM network model for grayscale image classification. Experimental results demonstrate that the proposed method achieves superior classification performance, with accuracy improvements of 1.11% and 9.28% in malware family classification and type classification, respectively.
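The N-gram and TF-IDF to grayscale step outlined in the abstract, as an added illustration that is not the authors' code. Assumptions not stated on this page: tokens are opcode mnemonics, n = 2, a smoothed IDF, a fixed 4×4 layout ordered by corpus frequency, and per-image scaling to 0..255; the sample sequences are constructed.

```python
import math
from collections import Counter

# Constructed opcode sequences standing in for disassembled samples (assumption).
SAMPLES = {
    "A": ["push", "mov", "call", "xor", "xor", "jmp"],
    "B": ["push", "mov", "call", "add", "ret"],
    "C": ["push", "mov", "sub", "cmp", "jne", "ret"],
}

def ngrams(tokens, n):
    """Sliding window of n consecutive tokens."""
    return [tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]

def tfidf_images(samples, n=2, side=4):
    """Map each sample to a side x side grayscale matrix of TF-IDF weights."""
    counts = {name: Counter(ngrams(toks, n)) for name, toks in samples.items()}
    df, total = Counter(), Counter()
    for c in counts.values():
        df.update(c.keys())   # document frequency: one count per sample
        total.update(c)       # corpus-wide frequency
    # Fixed pixel order shared by all samples: most frequent n-grams first,
    # ties broken alphabetically so the layout is deterministic.
    vocab = sorted(total, key=lambda g: (-total[g], g))[:side * side]
    n_docs = len(samples)
    images = {}
    for name, c in counts.items():
        length = sum(c.values()) or 1
        # Smoothed IDF (assumed variant): ln((1 + N) / (1 + df)) + 1
        w = [c[g] / length * (math.log((1 + n_docs) / (1 + df[g])) + 1)
             for g in vocab]
        w += [0.0] * (side * side - len(w))    # pad unused pixels with black
        peak = max(w) or 1.0
        pix = [round(255 * x / peak) for x in w]  # scale to 8-bit gray levels
        images[name] = [pix[r * side:(r + 1) * side] for r in range(side)]
    return images

def to_pgm(image):
    """Serialize a matrix as a plain-text PGM (P2) grayscale image."""
    rows = [" ".join(map(str, row)) for row in image]
    return "P2\n%d %d\n255\n%s\n" % (len(image[0]), len(image), "\n".join(rows))

if __name__ == "__main__":
    for name, img in tfidf_images(SAMPLES).items():
        print(name, img)
```

In sample A the bigram shared by all three samples (`push mov`) renders darker than the bigrams unique to A, which is the discriminative effect TF-IDF contributes before a CNN sees the image.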