网络与信息安全学报2024,Vol.10Issue(1):123-135,13.DOI:10.11959/j.issn.2096-109x.2024002
基于注意力与门控机制的多特征融合恶意软件检测方法
Multi-feature fusion malware detection method based on attention and gating mechanisms
摘要
Abstract
With the rapid development of network technology,the number and variety of malware have been increasing,posing a significant challenge in the field of network security.However,existing single-feature malware detection meth-ods have proven inadequate in representing sample information effectively.Moreover,multi-feature detection approaches also face limitations in feature fusion,resulting in an inability to learn and comprehend the complex relationships within and between features.These limitations ultimately lead to subpar detection results.To address these issues,a malware de-tection method called MFAGM was proposed,which focused on multimodal feature fusion.By processing the.asm and.bytes files of the dataset,three key features belonging to two types(opcode statistics sequences,API sequences,and grey-scale image features)were successfully extracted.This comprehensive characterization of sample information from multiple perspectives aimed to improve detection accuracy.In order to enhance the fusion of these multimodal features,a feature fusion module called SA-JGmu was designed.This module utilized the self-attention mechanism to capture internal dependencies between features.It also leveraged the gating mechanism to enhance interactivity among different features.Additionally,weight-jumping links were introduced to further optimize the representational capabili-ties of the model.Experimental results on the Microsoft malware classification challenge dataset demonstrate that MFAGM achieves higher accuracy and Fl scores compared to other methods in the task of malware detection.关键词
恶意软件检测/深度学习/特征融合/多模态学习/静态分析Key words
malware detection/deep learning/feature fusion/multimodal learning/static analysis分类
信息技术与安全科学引用本文复制引用
陈仲元,张建标..基于注意力与门控机制的多特征融合恶意软件检测方法[J].网络与信息安全学报,2024,10(1):123-135,13.基金项目
北京市自然科学基金(M21039)Beijing Natural Science Foundation(M21039) (M21039)
