为保证恶意代码变种检测模型的时效性,传统基于机器(深度)学习的检测方法通过集成历史数据和新增数据并进行重训练以更新模型,存在训练效率低的问题。文本提出一种基于神经网络平滑聚合机制的恶意代码增量学习方法,通过设计神经网络模型平滑聚合函数使模型平滑演进,并通过添加训练规模因子,避免增量模型因训练规模较小而严重影响聚合模型的准确性。实验结果表明,对比重训练方法,本文增量学习方法在提升训练效率的同时,几乎不降低模型的准确性。

In order to ensure the timeliness of malware variants detection model, traditional detection methods based on machine (deep) learning integrate historical data and incremental data, and retrain to update the detection models, which has the problem of low training efficiency. Therefore, this paper proposes an incremental learning method based on neural network smooth aggregation mechanism for malware variants detection, which makes the detection models evolve smoothly. This paper adds training scale factor to avoids the decent of accuracy of incremental model in aggregation due to small training scale. The experimental results show that our incremental learning method can improve the training efficiency while retaining the accuracy of the detection model compared with re-training method.

TP391

国家电网有限公司总部科技项目资助(5700-202024193A-0-0-00)。