Abstract
Malicious attackers continue to develop new techniques and methods to hide, obfuscate and mutate malicious payloads in order to evade detection, and the patterns of those payloads grow increasingly similar to normal data; new encryption algorithms and obfuscation techniques therefore make it difficult for traditional feature-matching detection methods to identify malicious payloads. To address this, a malicious payload detection method based on a deep learning algorithm is proposed. A knowledge graph is constructed to clarify the category attribute information of malicious payloads, and a data set is built. After the current data set is balanced, matching rules are imported to establish knowledge graph relationships between the data. Under a binary rule, a Metasploit symbolic execution tree is used to encode and decode the knowledge graph and to match the basic data of the same type of attribute in the data set. The matched data is normalized, local features are checked, detection is performed by gradient partitioning, the mean square error is calculated, and the model results are output. Finally, according to the results obtained, the position of the malicious payload is corrected and adjusted by cross-checking to produce the final evaluation. The experimental results show that the newly proposed detection method achieves a higher recall rate, above 80%, and has better practicability.
Authors
马力
汪明
栗维勋
马骁
王冶华
金明辉
MA Li; WANG Ming; LI Weixun; MA Xiao; WANG Yehua; JIN Minghui (NARI Group Corporation (State Grid Electric Power Research Institute), Nanjing 211006, China; Beijing Kedong Electric Power Control System Co., Ltd., Beijing 100192, China; State Grid Corporation of China, Beijing 100031, China; State Grid Hebei Power Company, Shijiazhuang 050000, China; State Grid Shanghai Municipal Electric Power Company, Shanghai 200122, China)
Source
Automation & Instrumentation (《自动化与仪器仪表》)
2025, No. 10, pp. 58-62 (5 pages)
Funding
Supported by the Science and Technology Project of State Grid Corporation of China (Research on Key Technologies of New-Generation Dedicated Security Protection and Monitoring Equipment for Power Network Security, 5108-202413050A-1-1-ZN).
Keywords
deep learning
algorithm design
malicious payload
load detection
detection method
load control