Malware Incremental Training and Detection Method Based on Neural Network Smooth Aggregation Mechanism

Affiliation: 1. State Grid Henan Electric Power Research Institute, Zhengzhou, 450000; 2. China

CLC number: TP391

Funding: Supported by the State Grid Corporation of China Headquarters Science and Technology Project (5700-202024193A-0-0-00).

Abstract:

To keep malware variant detection models up to date, traditional detection methods based on machine (deep) learning merge historical data with newly added data and retrain the model, which makes training inefficient. This paper proposes an incremental learning method for malware variant detection based on a neural network smooth aggregation mechanism: a smooth aggregation function for neural network models lets the detection model evolve smoothly, and an added training scale factor prevents an incremental model, because of its small training scale, from severely degrading the accuracy of the aggregated model. Experimental results show that, compared with retraining, the proposed incremental learning method improves training efficiency with almost no loss in model accuracy.

History
  • Received: 2021-10-29
  • Last revised: 2022-02-19
  • Accepted: 2022-02-25