
A Malicious Code Recognition Model Fusing Image Spatial Feature Attention Mechanism


【Authors】 LIU Jun; WU Zhichao; WU Jian; TAN Zhenhua

【Corresponding author】 TAN Zhenhua

【Affiliations】 Networking Center, Northeastern University; Software College of Northeastern University

【Abstract】 Malicious code recognition helps protect the privacy of computer users and optimize computing resources. Existing malicious code recognition models typically convert malicious code into images and then classify the images with deep learning techniques. The converted images exhibit two characteristics. First, the end of the image is usually padded with black pixels, so the image contains clearly distinguishable significant features (the code part) and non-significant features (the padded part). Second, there is a semantic feature correlation among code segments, and this correlation is preserved between pixels when the code is converted to pixels in sequence. Although existing detection models have achieved reasonably good recognition results, they were not designed around these characteristics of malicious code, so their ability to extract deep-level features from malicious images is relatively weak and they often require complex model architectures. This paper therefore proposes a new malicious code detection model designed specifically around the two key characteristics of malicious images. First, the original malicious code is converted into images and preprocessed. Then an FA-SA module extracts the key features, and two FA-SeA modules capture the correlation features between pixels. The proposed model not only simplifies the network architecture for malicious code detection but also improves deep-level feature extraction and detection accuracy. On the Malimg dataset, the model achieves a recognition accuracy of 96.38%, a 3.56% improvement over existing CNN-based models. The experimental results show that designing network models around the characteristics of malicious images is effective, and that the proposed fusion attention module contributes significantly to recognition performance.

【Funding】 National Natural Science Foundation of China [61772125]
  • 【Source】 Netinfo Security (信息网络安全), 2023, Issue 12
  • 【Classification No.】 TP391.41
  • 【Downloads】 9