信息安全研究 (Journal of Information Security Research) 2025, Vol. 11, Issue 12: 1125-1133, 9. DOI: 10.12379/j.issn.2096-1057.2025.12.08
Fileless Obfuscation Attack Recognition Based on Semantic Recovery and Large Language Model (original title: 基于语义复原和大模型的无文件混淆攻击识别)
Abstract
With the continuous advancement of fileless attack techniques and strategies, research on identifying fileless malicious attacks has garnered significant attention. Among these, the fileless obfuscation attack, a new type of covert, dynamic, and complex attack, can rapidly bypass existing detection engines and rule-based frameworks. To address this problem, this paper proposes an attack script restoration method guided by dynamic partial execution and a semantic analysis tree, enabling the restoration of obfuscated code. Furthermore, leveraging the efficiency of large models in attack understanding and semantic recognition, we integrate large models to achieve efficient identification and classification of fileless code. To alleviate the limitations of large models in handling large code files and long passages, we also provide a semantic code compression strategy that retains the critical attack semantics. Experimental results demonstrate that the proposed semantic restoration and large-model identification methods improve effectiveness by around 10% compared to existing models and methods, while keeping attack identification efficient.
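As an added illustration, not code from the paper, the following Python sketch applies the two ideas the abstract names, tree-guided partial execution to restore obfuscated strings and semantic compression to keep only the statements that carry attack-relevant calls, to a constructed sample written in Python rather than a real fileless script; the sample, the allow-listed builtins and the "sensitive" API name invoke() are all assumptions.

```python
import ast
# Constructed obfuscated sample (not from the paper): the call target, host and
# port are assembled from concatenation, reversal and chr() so that no plain
# string reveals them; invoke() stands in for a hypothetical sensitive API.
SAMPLE = '''
x = "co" + "nn" + "ect"
host = "".join(reversed("tsoh.elpmaxe"))
port = int("".join([chr(52), chr(52), chr(51)]))
log("starting")
invoke(x, host, port)
'''
# Only these side-effect-free builtins may run during partial execution.
SAFE_NAMES = {"chr": chr, "ord": ord, "int": int, "str": str, "reversed": reversed}
PURE_NODES = (ast.Constant, ast.BinOp, ast.Call, ast.Name, ast.Attribute, ast.List,
              ast.Tuple, ast.expr_context, ast.operator)
def is_pure(node):
    # Pure = only literals, allow-listed builtins and methods called on literals.
    return all(isinstance(s, PURE_NODES)
               and (not isinstance(s, ast.Name) or s.id in SAFE_NAMES)
               and (not isinstance(s, ast.Attribute) or isinstance(s.value, ast.Constant))
               for s in ast.walk(node))
class Fold(ast.NodeTransformer):
    # Tree-guided partial execution: fold pure subtrees to constants, propagate them.
    def __init__(self):
        self.env = {}
    def visit_Name(self, node):
        if isinstance(node.ctx, ast.Load) and node.id in self.env:
            return ast.Constant(self.env[node.id])
        return node
    def generic_visit(self, node):
        node = super().generic_visit(node)  # fold children first (bottom-up)
        if isinstance(node, ast.expr) and not isinstance(node, ast.Constant) and is_pure(node):
            expr = ast.fix_missing_locations(ast.Expression(body=node))
            val = eval(compile(expr, "<fold>", "eval"), {"__builtins__": {}}, SAFE_NAMES)
            if isinstance(val, (str, int)):
                return ast.Constant(val)
        return node
    def visit_Assign(self, node):
        node = self.generic_visit(node)
        if len(node.targets) == 1 and isinstance(node.targets[0], ast.Name) and isinstance(node.value, ast.Constant):
            self.env[node.targets[0].id] = node.value.value
        return node

def restore(src):
    return ast.unparse(ast.fix_missing_locations(Fold().visit(ast.parse(src))))

def compress(src, sensitive=frozenset({"invoke"})):
    # Semantic compression: keep only statements that touch names of interest.
    keep = [s for s in ast.parse(src).body
            if {n.id for n in ast.walk(s) if isinstance(n, ast.Name)} & sensitive]
    return ast.unparse(ast.Module(body=keep, type_ignores=[]))
```

Running compress(restore(SAMPLE)) reduces the five-line sample to the single restored call invoke('connect', 'example.host', 443), which is the part a classifier needs to see.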
Keywords (Chinese): 无文件攻击 / 混淆攻击 / 大模型 / 语义树分析 / 语义压缩
Keywords: fileless attack / confusion attack / large language model / semantic tree analysis / semantic compression
Classification: Information Technology and Security Science
Citation: Wei Zheng, He Shuguo, Cheng Du, Qiu Jing, Pang Bowen, Xing Yajun, Guo Yuan. Fileless Obfuscation Attack Recognition Based on Semantic Recovery and Large Language Model [J]. 信息安全研究, 2025, 11(12): 1125-1133, 9.
Funding
National Natural Science Foundation of China (U24A20336, 62272114)
National Science and Technology Major Project (2022ZD0119602)
Peng Cheng Laboratory Major Key Project (PCL2024A05)
Beijing Science and Technology Program (Z231100005923012)
Guangzhou Science and Technology Program (2024A03J0399)