基于深度特征融合的惡意軟件檢測方法研究

打開文本圖片集

Research onmalwaredetectionmethodbasedon deep feature fusion

ZHANG Xiaoyu1，2，ZHANGZhenyou1，2 （1.CollegeofArtificial Intellgence，NorthChinaUniversityofScienceandTechnology，TangshanO6321o，China; 2.HebeiKeyLboatrfustrialteligentrcetiorthiaUvesityfienedcholoagsa

Abstract：The features used in the current malwaredetection modelsaresimpleandthe detectionaccuracyof the models islow，andthemodelsfailtoconvergestablyduetoimbalancedcategories，soadeepfeaturefusionbasedmalwaredetection modelisproposed.Theobtainedrawtraficcapturefilesarecleanedtoremoveabnormaldatapackets.Anetworktraffcbasicinformationextractionlibraryisusedtosegmentnetworktraffcinthefomofsesions，obtainrelevantinformationaboutthetraffic，andetractterequiredstatisticalfeatures.ubsequently，tetatisticalfeaturesareeeplyprocssdbyfullyotedlay ersandautoencoders，ffectivelyeliminatingtheinfluenceofnoiseandgeneratingmorerobustfeatures.Next，aone-dimensional convolutional neuralnetwork （1D-CNN）andalong short-termmemory （LSTM）network areusedtoextractspatiotemporalfeatures jointlyandobtaincomprehensivelatentinformation，whicheliminatesunstablemodelconvergencewhilesignificantlyimproving the accuracyof modeldetection.The model was trainedandtestedonamixed datasetof StratosphereIPSandUSTC-TFC2016， and compared with five other models. The model achieves an accuracy of 99.48% and an F1 -score of 97.82% for binary classification tasks，and achieves an accuracy of 93.16% and an F1 -score of 92.69% for multi-classification tasks.The test results show thatthe model in this paper can effectively eliminate the unstable convergence caused by classimbalance.

Keywords：networktraffc;deeplearning;statisticalfeature；temporal feature;spatialfeature;classimbalance；malware classification

0 引言

在數字化時代，惡意軟件成為網絡安全領域的一大威脅，對個人用戶、企業(yè)機構以及整個網絡生態(tài)系統(tǒng)都構成了潛在的危脅。（剩余11628字）