Computer and Modernization (计算机与现代化), Issue (8): 57-62, 6. DOI: 10.3969/j.issn.1006-2475.2025.08.008
Malicious Code Homology Analysis Method Based on ATT&CK Framework and BERT Model (original title: 基于ATT&CK框架和Bert模型的恶意代码同源性分析方法)
Abstract
At present, malware attacks are one of the main threats to cyberspace security. Analyzing malicious programs from known organizations and determining the homology of unknown malicious programs from shared characteristics helps to identify unknown malicious programs and attribute attacks to the organizations behind them. However, existing homology analysis models have several problems: manual feature extraction is highly complex, they do not adapt to large-scale analysis scenarios, their efficiency is low, and they do not consider in depth the transition relationships between attack behaviors. This paper proposes a homology recognition model based on the ATT&CK framework and the BERT (bidirectional encoder representations from transformers) model. Using the high-level attack techniques and tactics of the ATT&CK framework as features addresses the low homology recognition accuracy that code obfuscation and polymorphism cause when relying on static features alone. The BERT model is used to effectively integrate the multi-dimensional features of malicious code and to overcome the insufficient sequence modeling of analysis methods based on recurrent neural networks. Experimental results show that the proposed scheme can effectively identify the homology between malicious code samples.
Keywords
malicious code / homology analysis / ATT&CK framework / BERT model
Classification
Information Technology and Security Science
Cite this article
Zheng Xiaoyu (郑啸宇), Lin Jiuchuan (林九川), Chen Wenxuan (陈文萱), Yao Xinyu (姚昕羽). Malicious Code Homology Analysis Method Based on ATT&CK Framework and BERT Model [J]. Computer and Modernization (计算机与现代化), 2025, (8): 57-62, 6.