
Static detection of malware in container based on LSTM-CNN (cited by: 8)
Abstract: To address the scarcity of research on malware detection in container environments and its low detection rate, this paper proposes a static detection method for malware in containers based on LSTM-CNN. The method detects malware before it runs, blocking its attack behavior at the source and reducing the performance overhead that detection imposes on running containers. It obtains the software under test from inside the container in an agentless manner, extracts its API (application programming interface) call sequence as program behavior data, uses a word2vec model to vectorize the API call sequence, and uses LSTM and CNN to extract its semantic information and multi-dimensional local features, respectively, in order to detect malware. The method was implemented in a container environment and tested on the public dataset VirusShare; the results show that it achieves a detection rate of 99.76% with a false alarm rate below 1%, outperforming other comparable methods.
Authors: Jin Yiling (金逸灵); Chen Xingshu (陈兴蜀); Wang Yulong (王玉龙) (College of Cybersecurity, Sichuan University, Chengdu 610065, China; Research Institute of Cybersecurity, Sichuan University, Chengdu 610065, China)
Source: Application Research of Computers (《计算机应用研究》), CSCD, Peking University Core Journal, 2020, No. 12, pp. 3704-3707, 3711 (5 pages)
Funding: Young Scientists Fund of the National Natural Science Foundation of China (61802270, 61802271); Sichuan Province Key R&D Program (2018G20100); Sichuan Province Science and Technology Support Program (2016GZ0038).
Keywords: container; CNN (convolutional neural network); deep learning; LSTM (long short-term memory); malware detection