基于深度特征融合的恶意软件检测方法研究

打开文本图片集

Research onmalwaredetectionmethodbasedon deep feature fusion

ZHANG Xiaoyu1，²，ZHANGZhenyou1，² （1.CollegeofArtificial Intellgence，NorthChinaUniversityofScienceandTechnology，TangshanO6321o，China; 2.HebeiKeyLboatrfustrialteligentrcetiorthiaUvesityfienedcholoagsa

Abstract：The features used in the current malwaredetection modelsaresimpleandthe detectionaccuracyof the models islow，andthemodelsfailtoconvergestablyduetoimbalancedcategories，soadeepfeaturefusionbasedmalwaredetection modelisproposed.Theobtainedrawtraficcapturefilesarecleanedtoremoveabnormaldatapackets.Anetworktraffcbasicinformationextractionlibraryisusedtosegmentnetworktraffcinthefomofsesions，obtainrelevantinformationaboutthetraffic，andetractterequiredstatisticalfeatures.ubsequently，tetatisticalfeaturesareeeplyprocssdbyfullyotedlay ersandautoencoders，ffectivelyeliminatingtheinfluenceofnoiseandgeneratingmorerobustfeatures.Next，aone-dimensional convolutional neuralnetwork （1D-CNN）andalong short-termmemory （LSTM）network areusedtoextractspatiotemporalfeatures jointlyandobtaincomprehensivelatentinformation，whicheliminatesunstablemodelconvergencewhilesignificantlyimproving the accuracyof modeldetection.The model was trainedandtestedonamixed datasetof StratosphereIPSandUSTC-TFC2016， and compared with five other models. The model achieves an accuracy of 99.48% and an F1 -score of 97.82% for binary classification tasks，and achieves an accuracy of 93.16% and an F1 -score of 92.69% for multi-classification tasks.The test results show thatthe model in this paper can effectively eliminate the unstable convergence caused by classimbalance.

Keywords：networktraffc;deeplearning;statisticalfeature；temporal feature;spatialfeature;classimbalance；malware classification

0 引言

在数字化时代，恶意软件成为网络安全领域的一大威胁，对个人用户、企业机构以及整个网络生态系统都构成了潜在的危胁。（剩余11628字）