Modern Information Technology (现代信息科技), 2024, Vol. 8, Issue (8): 177-181, 185, 6. DOI: 10.19850/j.cnki.2096-4706.2024.08.038
Dynamic Behavior Detection for Malware Based on Dual-stream Converged Networks
Wang Yusheng (王玉胜) 1, Mao Ziheng (毛子恒) 1
Author information
- 1. School of Electronics and Information Engineering, Liaoning University of Technology, Jinzhou, Liaoning 121001
Abstract
To address the difficulty that traditional static analysis methods have in capturing the complex and changeable dynamic behavior of malware, the experiment builds on dynamic feature analysis techniques. By studying the Windows API call sequences of eight common malware, it finds that the before-and-after order of the API call sequences and the call frequency directly reflect the malicious behavior of malware. The experiment uses the TF-IDF (Term Frequency-Inverse Document Frequency) technique to vectorize the API call sequences, and designs a Deep Learning model based on a CNN-BiLSTM dual-stream converged network to model the before-and-after dependency relationship of these API calls and realize the dynamic detection of common malware. The experimental results indicate that the test accuracy of this model reaches 95.99%, which is better than the RF, SVM, LSTM, BiLSTM and CNN-LSTM models, and provides a reference for malware detection.
Key words
API call sequence/dynamic detection/Deep Learning/feature representation
Classification
Computer and automation
Cite this article
Wang Yusheng, Mao Ziheng. Dynamic Behavior Detection for Malware Based on Dual-stream Converged Networks [J]. Modern Information Technology, 2024, 8(8): 177-181, 185, 6.