摘要
针对恶意代码变种激增导致传统检测方法效能不足的问题,文章提出一种基于混合多尺度注意力网络的恶意代码分类架构MSA-ResNet。该架构通过双线性插值算法实现图像尺寸标准化,有效保留易混淆恶意代码家族的纹理特征,并结合动态数据增强策略优化输入多样性。在网络架构中,将多尺度注意力模块嵌入ResNet50残差块末端,构建跨尺度特征交互机制,使特征点关联距离缩短,注意力收敛速度提升。实验结果表明,架构在Malimg数据集上实现99.47%的准确率与99.46%的宏平均F1分数,较传统ResNet50架构提升1.95%,参数量仅增加15%。与现有最优方法相比,分类精度提升0.49%,且对Obfuscator.AD等复杂恶意代码变种检测有效。
To address the performance limitations of traditional detection methods caused by the proliferation of malware variants,this paper proposed a Hybrid Multi-Scale Attention Network MSA-ResNet for malware classification.The framework employed a bilinear interpolation algorithm to standardize image sizes while effectively preserving texture features of easily confusable malware families,combined with dynamic data augmentation to optimize input diversity.In the network architecture,a Multi-scale Attention Module was embedded at the end of ResNet50 residual blocks to establish cross-scale feature interaction,reducing feature point correlation distances and improving attention convergence speed.Experimental results demonstrate that the model achieves 99.47%accuracy and 99.46%macro-average F1-score on the Malimg dataset,outperforming the baseline ResNet50 by 1.95%with only a 15%increase in parameters.Compared to state-of-the-art methods,it improves classification accuracy by 0.49%and shows effectiveness in detecting complex variants like Obfuscator.AD.
作者
李思聪
王飞
魏子令
陈曙晖
LI Sicong;WANG Fei;WEI Ziling;CHEN Shuhui(College of Computer Science,National University of Defense Technology,Changsha 410073,China)
出处
《信息网络安全》
北大核心
2025年第8期1208-1222,共15页
Netinfo Security
基金
国家自然科学基金[62202486,U22B2005]
江苏省重点研发计划[BE2023004-4]
湖南省科技创新计划[2024RC3139]。
关键词
恶意代码可视化
卷积神经网络
多尺度注意力机制
图像尺寸归一化算法
特征融合
malicious code visualization
convolutional neural network
multi-headed attention mechanism
image size normalization algorithm
feature fusion
