Malware Detection Method Based on Windows API Call Sequence (基于Windows API调用序列的恶意代码检测方法), journal article, cited by: 2
Abstract: To address the insufficient feature-extraction ability and weak generalization of the detection model in existing malware detection methods, this paper proposes a malware detection method based on Windows API call sequences. The method uses the N-gram algorithm and the TF-IDF algorithm to extract the statistical features of a sequence, uses a Word2Vec model to extract its semantic features, and fuses the statistical and semantic features into the feature representation of the API call sequence. A three-layer detection model based on Stacking is designed, which combines multiple weak learners into a strong learner to improve detection performance. Experimental results show that the proposed feature extraction method obtains more critical features, and that the designed detection model outperforms any single model in accuracy, precision and recall while generalizing well, which demonstrates the effectiveness of the detection method.
Authors: 杨波 (YANG Bo); 张健 (ZHANG Jian); 李焕洲 (LI Huanzhou); 唐彰国 (TANG Zhangguo); 李智翔 (LI Zhixiang) (College of Physics and Electronic Engineering, Sichuan Normal University, Chengdu 610101, Sichuan; Institute of Network and Communication Technology, Sichuan Normal University, Chengdu 610101, Sichuan)
Source: Journal of Sichuan Normal University (Natural Science) (四川师范大学学报(自然科学版)), CAS, 2023, No. 5, pp. 700-705 (6 pages)
Funding: 2022 key project of the Sichuan Provincial Key Laboratory of Wireless Sensor Networks in Universities (WSN2022001).
Keywords: malware detection; API call sequence; feature fusion; machine learning; three-layer detection model
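The feature-extraction stage summarised in the abstract, as an added illustration that is not the authors' code: N-gram and TF-IDF statistical features are computed over constructed Windows API call sequences, a hypothetical fixed per-API vector table stands in for a trained Word2Vec model, and the two feature vectors are fused by concatenation so that the result can be fed to the base learners of a stacking classifier.

```python
import math
from collections import Counter

# Constructed sample API call sequences with labels (not the paper's dataset).
SAMPLES = [
    (["CreateFileW", "WriteFile", "CloseHandle"], "benign"),
    (["VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"], "malicious"),
    (["OpenProcess", "VirtualAlloc", "WriteProcessMemory", "CreateRemoteThread"], "malicious"),
    (["RegOpenKeyExW", "RegQueryValueExW", "RegCloseKey"], "benign"),
]

# Hypothetical 2-dimensional per-API vectors standing in for Word2Vec output;
# a real pipeline would train Word2Vec on the API vocabulary instead.
EMBED = {
    "CreateFileW": [0.9, 0.1], "WriteFile": [0.8, 0.2], "CloseHandle": [0.7, 0.1],
    "RegOpenKeyExW": [0.8, 0.3], "RegQueryValueExW": [0.7, 0.3], "RegCloseKey": [0.6, 0.2],
    "OpenProcess": [0.2, 0.8], "VirtualAlloc": [0.3, 0.7],
    "WriteProcessMemory": [0.1, 0.9], "CreateRemoteThread": [0.1, 0.9],
}

def ngrams(seq, n=2):
    """Sliding-window n-grams over an API call sequence, joined as 'A>B'."""
    return [">".join(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def tfidf_features(sequences, n=2):
    """Statistical features: term frequency of each n-gram within a sequence,
    weighted by smoothed inverse document frequency across all sequences."""
    docs = [Counter(ngrams(s, n)) for s in sequences]
    vocab = sorted({g for d in docs for g in d})
    ndocs = len(docs)
    idf = {g: math.log((1 + ndocs) / (1 + sum(1 for d in docs if g in d))) + 1
           for g in vocab}
    vectors = []
    for d in docs:
        total = sum(d.values()) or 1  # guard against sequences shorter than n
        vectors.append([d[g] / total * idf[g] for g in vocab])
    return vocab, vectors

def semantic_features(seq):
    """Semantic feature: mean of the per-API vectors over the whole sequence."""
    dims = len(next(iter(EMBED.values())))
    return [sum(EMBED[a][k] for a in seq) / len(seq) for k in range(dims)]

def fuse(stat, sem):
    """Feature fusion by concatenating the statistical and semantic vectors."""
    return list(stat) + list(sem)

def extract_all(samples=SAMPLES, n=2):
    """Return (vocab, fused feature vectors, labels) ready for a classifier."""
    seqs = [s for s, _ in samples]
    vocab, stat = tfidf_features(seqs, n)
    fused = [fuse(v, semantic_features(s)) for v, s in zip(stat, seqs)]
    return vocab, fused, [lbl for _, lbl in samples]
```

The bigram WriteProcessMemory>CreateRemoteThread receives a non-zero TF-IDF weight only in the two sequences that contain it, which is the kind of discriminative n-gram the stacked learners can pick up.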