摘要
针对恶意代码变更速度快、溯源困难的问题,提出了一种通过创建恶意代码变体数据集,增强模型家族溯源能力的分类方法。该方法将恶意代码可视化,使用改进的生成对抗网络对恶意代码进行分类,使用Ghost模块与Dropout层调节生成器与判别器的对抗能力,引入高效通道注意力机制帮助模型聚焦重要特征,使用卷积与上采样结合的结构避免生成图像棋盘格化。测试阶段使用恶意代码变体数据集与不同类别特征数据集,验证模型恶意代码变体的家族溯源能力。使用所提方法构建的模型具有更强的特征提取能力、更少的资源消耗以及更快的推理速度,满足当今恶意代码变更迅速对恶意代码分类模型提出的强抗混淆能力、高泛化能力的要求,且便于部署在移动、嵌入式等设备中,提供对恶意代码的实时检测。
Aiming at the issues of rapid mutation and difficult traceability of malicious code,this paper proposes a classification method that enhances familial traceability by creating a dataset of malicious code variants.The method visualizes malicious code,employs an improved generative adversarial network(GAN)for classification,and utilizes Ghost modules and Dropout layers to balance the adversarial capabilities of the generator and discriminator.An efficient channel attention mechanism is introduced to help the model focus on critical features,while a combined structure of convolution and upsampling avoids checkerboard artifacts in generated images.During testing,the model's familial traceability for malicious code variants is validated using both a malicious code variant dataset and datasets with distinct categorical features.The proposed method achieves stronger feature extraction,lower resource consumption,and faster inference speed,meeting the demands of modern rapidly evolving malicious code for anti-obfuscation capability and high generalization.Additionally,it is suitable for deployment on mobile and embedded devices,ensuring real-time detection of malicious code.
作者
李莉
张晴
孔悠然
苏仁嘉
赵鑫
LI Li;ZHANG Qing;KONG Youran;SU Renjia;ZHAO Xin(College of Computer and Control Engineering,Northeast Forestry University,Harbin 150040,China)
出处
《计算机工程与科学》
北大核心
2025年第7期1215-1225,共11页
Computer Engineering & Science
基金
黑龙江省重点研发计划(2022ZX01A30)。
关键词
恶意代码变体溯源
生成对抗网络
注意力机制
代码可视化
特征纹理
malicious code variant tracing
generative adversarial network
attention mechanism
code visualization
feature texture
