操作码
计算机科学
恶意软件
卷积神经网络
特征(语言学)
人工智能
机器学习
特征向量
Softmax函数
嵌入
模式识别(心理学)
数据挖掘
支持向量机
计算机安全
计算机硬件
语言学
哲学
作者
Jixin Zhang,Zheng Qin,Hui Yin,Lu Ou,Kehuan Zhang
标识
DOI:10.1016/j.cose.2019.04.005
摘要
Being able to detect malware variants is a critical problem due to the potential damages and the fast paces of new malware variations. According to surveys from McAfee and Symantec, there is about 69 new instances of malware detected in every minutes, and more than 50% of them are variants of existing ones. Such a large volume of diversified malware variants has forced researches to investigate new methods based on common behavior patterns using machine learning. However, such methods only use single type of features such as opcode, system call, etc., which faces several drawbacks: Firstly, the methods lose a part of useful information since different types of features show different characteristics of malware. This severely limits detection precision and recall. Secondly, the accuracy and the speed (as a trade-off) of such methods fail to meet users′ expectation. Thirdly, the precise classification of malware families is still a hard problem and is also important in malware analysis. In this work, we propose a feature-hybrid malware variants detection approach which integrates multi-types of features to address these challenges. We first represent opcodes by a bi-gram model and represent API calls by a vector of frequency, then we use principal component analysis to optimize the representations to improve the convergence speed, the next we adopt a convolutional neural network and a back-propagation neural network for opcode based feature embedding and API based feature embedding respectively, and finally we embed these features to train a detection model by using softmax. Theoretical analysis and real-life experimental results show the efficiency and optimization of our approach which achieves more than 95% malware detection accuracy and almost 90% classification accuracy of malware families. The detection speed of our approach is less than 0.1 s.
科研通智能强力驱动
Strongly Powered by AbleSci AI