Research on malicious code detection and classification based on dynamic and static features

Yueyang Shang, Fuwei Wang, Yunfei Zhang, Dong Li, Wenbin Tan
DOI: 10.1117/12.3031906 (https://doi.org/10.1117/12.3031906)
Published: 2024-06-06
Venue: Other Conferences (publication type: Journal Article)
Source: Semantic Scholar
Citations: 0

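Abstract

Malicious code can reflect its malicious behavior through dynamic API sequences and static PE header information, and deep learning algorithms have made progress in detecting such malicious code. The article designs a 1D-CNN-BiGRU network model based on one-dimensional convolutional neural networks and bidirectional gated recurrent neural networks. The model takes API call sequences and PE header information as feature inputs and, through convolutional computation and recurrent neural network training, further learns the features of malicious code. Analysis of the experimental results demonstrates the correctness of the model's malicious code verification. The detection accuracy of normal samples on dynamic API call sequences is over 97%, and the accuracy on static PE structures is 95.64%. The model performs well in malicious code detection.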