Research on an End-to-End Malware Detection Method Based on Deep Learning (基于深度学习的端到端恶意软件检测方法研究)
Abstract:
Malware is a serious threat to network security. Existing machine-learning detectors depend on analysts spending considerable time and effort hand-crafting static or dynamic features, which limits their use in practice. To reduce that dependency, this paper proposes an end-to-end malware detection method based on deep learning; unlike traditional detectors, the whole pipeline from raw input to verdict is learned. First, the first n bytes of each sample, which carry key information about the file, are extracted and used directly as the model input. Then a new model is designed on top of a convolutional neural network, adding residual connections and a multi-head attention mechanism to improve the model's adaptability to varied inputs and its ability to extract complex features. Experiments show that the method has low resource consumption and substantially improves detection accuracy.
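The front end described above, as an added example that is not the paper's own code: take the first n bytes of each file, map every byte to a token id with 0 reserved for padding, right-pad short files, and hand the fixed-shape batch to an embedding layer. The byte-to-token+1 mapping, the `is_pe` sanity check, and the constructed `SAMPLE_PE` header are assumptions made for illustration. The example also makes the main caveat of any fixed-prefix detector explicit: bytes appended past offset n never reach the model, so `prefix_blind_spot` is the check a reviewer should run before trusting the reported accuracy against padded or appended payloads.

```python
"""Byte-prefix front end for an end-to-end malware detector.

Added example, not the paper's own code. Assumed conventions: byte value b
becomes token b + 1 so that 0 can serve as the padding id, files shorter
than n bytes are right-padded with 0, and longer files are truncated at n.
"""
import struct
from typing import Iterable, List

PAD = 0
VOCAB_SIZE = 257  # 256 byte values plus the padding token


def encode_prefix(data: bytes, n: int) -> List[int]:
    """Return exactly n token ids covering the first n bytes of `data`."""
    if n <= 0:
        raise ValueError("n must be positive")
    tokens = [b + 1 for b in data[:n]]        # 0x00 -> 1, 0xFF -> 256
    tokens.extend([PAD] * (n - len(tokens)))  # right-pad short samples
    return tokens


def decode(tokens: Iterable[int]) -> bytes:
    """Inverse of encode_prefix: drop padding, shift tokens back to bytes."""
    return bytes(t - 1 for t in tokens if t != PAD)


def is_pe(data: bytes) -> bool:
    """Cheap sanity check before feeding a file to a PE-trained model:
    an 'MZ' DOS stub and a 'PE\\0\\0' signature at the e_lfanew offset."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def build_batch(samples: Iterable[bytes], n: int) -> List[List[int]]:
    """Fixed-shape batch (len(samples) x n) ready for an embedding layer."""
    return [encode_prefix(s, n) for s in samples]


def make_sample_pe(body: bytes = b"\x90" * 20) -> bytes:
    """Constructed stand-in for a PE file: a minimal DOS header with
    e_lfanew = 0x40, the PE signature, then `body`. Not a real binary."""
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)
    return dos_header + b"PE\x00\x00" + body


SAMPLE_PE = make_sample_pe()  # constructed sample input, 88 bytes


def prefix_blind_spot(data: bytes, appended: bytes, n: int) -> bool:
    """True when appending `appended` to `data` leaves the model input
    unchanged, i.e. the payload lands entirely past the n-byte window."""
    return encode_prefix(data + appended, n) == encode_prefix(data, n)


if __name__ == "__main__":
    n = 64
    print("is_pe:", is_pe(SAMPLE_PE))
    print("first tokens:", encode_prefix(SAMPLE_PE, n)[:8], "...")
    # 1 KiB appended after the window is invisible to the detector
    print("appended past n invisible:",
          prefix_blind_spot(SAMPLE_PE, b"\x90" * 1024, n))
```

The round trip `decode(encode_prefix(x, n)) == x[:n]` holds for any input because real 0x00 bytes map to token 1, never to the padding id; conflating the two is a common bug in byte-level pipelines. Choosing n is a security decision as much as a resource one: the larger the window, the less room an attacker has to place a payload where the model cannot see it.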