Research on malicious code detection and classification based on dynamic and static features

Authors: Yueyang Shang, Fuwei Wang, Yunfei Zhang, Dong Li, Wenbin Tan
DOI: 10.1117/12.3031906 (https://doi.org/10.1117/12.3031906)
Venue: Other Conferences
Publication date: 2024-06-06
Publication type: Journal Article
Citation count: 0 (Semantic Scholar)

Abstract
Malicious code reveals its behavior through dynamic API call sequences and static PE header information, and deep learning algorithms have made progress in detecting malicious code from such features. This article designs a 1D-CNN-BiGRU network model that combines a one-dimensional convolutional neural network with a bidirectional gated recurrent neural network. The model takes API call sequences and PE header information as feature inputs; convolutional computation followed by recurrent neural network training lets it learn the features of malicious code further. Analysis of the experimental results demonstrates the correctness of the model's malicious code verification. The detection accuracy for normal samples on dynamic API call sequences exceeds 97%, and the accuracy on static PE structures is 95.64%, so the model performs well in malicious code detection.