A multi-crop-based malware detection and classification model
Open Access; Peking University Core Journals (北大核心); CSTPCD
To address the loss of local key features, insufficient samples, sample imbalance and low classification accuracy in malware detection and classification, a model named MadcuG based on a multi-crop strategy is proposed. First, the malware byte file is placed into a memory buffer as a byte array to generate a color image. Second, the multi-crop strategy is applied to the color image to generate local malware images, which increases attention to local key features and addresses sample imbalance and the loss of local key features. Finally, a deep convolutional generative adversarial network is used to construct two discriminators: a scoring discriminator and a classification discriminator. The objective loss function consists of the adversarial loss between the scoring discriminator and the generator and the classification loss of the classification discriminator, in order to increase the utilization of parameters during training and the generalization ability of the model. The experimental results show that the MadcuG model achieves classification accuracies of 99.88% and 99.2% on the BIG2015 and Malimg data sets, respectively, outperforming existing models.
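Wang Fangwei; Shi Xipeng; Li Qingru; Wang Changguang
College of Computer and Cyber Security, Hebei Normal University, Shijiazhuang, Hebei 050024 || Hebei Provincial Key Laboratory of Network and Information Security, Hebei Normal University, Shijiazhuang, Hebei 050024; College of Computer and Cyber Security, Hebei Normal University, Shijiazhuang, Hebei 050024
Computer and Automation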
system security; deep convolutional generative adversarial network; multi-crop strategy; malware classification; unbalanced samples
Journal of Huazhong University of Science and Technology (Natural Science Edition), 2024 (003)
121-126 / 6
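Supported by the National Natural Science Foundation of China (61572170); the Natural Science Foundation of Hebei Province (F2021205004); the Key Project of the Hebei Provincial Department of Education (ZD2021062); the Science and Technology Program of Hebei Province (22567606H).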