网络安全与数据治理2026,Vol.45Issue(4):45-50,6.DOI:10.19358/j.issn.2097-1788.2026.04.006
融合多尺度CNN与Transformer的恶意软件行为检测方法
A malware behavior detection method based on the fusion of multi-scale CNN and Transformer
摘要
Abstract
To address the severe threats posed by stealthy malware behavioral trajectories and the difficulty in modeling long-sequence depend-encies,this paper proposes a detection method that fuses multi-scale Convolutional Neural Networks(CNN)with the Transformer architecture.First,the approach utilizes Speakeasy simulation logs denoising and composite event tokenization techniques to convert redundant logs into standardized semantic sequences.Next,it employs a multi-layer CNN structure to extract local attack behavior features.Subsequently,these extracted features are fed into a Transformer encoder to model global temporal dependencies via a multi-head self-attention mechanism.The ex-perimental results show that the hybrid model has achieved an accuracy of 92.29%and an F1-Score of 92.48%on the Speakeasy dataset.This approach significantly reduces the false positive rate in sequence detection,providing a new technical pathway for malware detection in complex network environments.关键词
恶意软件检测/卷积神经网络/Transformer/多尺度特征提取/动态行为分析Key words
malware detection/Convolutional Neural Network(CNN)/Transformer/multi-scale feature extraction/dynamic behavior analysis分类
信息技术与安全科学引用本文复制引用
刘帅,王小英,戚盼盼,崔方方,谷瑞泽..融合多尺度CNN与Transformer的恶意软件行为检测方法[J].网络安全与数据治理,2026,45(4):45-50,6.基金项目
中央高校基本科研业务费研究生科技创新基金(ZY20260317) (ZY20260317)
立德树人视域下AI赋能网络安全"赛-教-创-研-服"育人路径探索与实践(2026GJJG487) (2026GJJG487)
