Computer Science (计算机科学) ›› 2024, Vol. 51 ›› Issue (11A): 240200098-7. doi: 10.11896/jsjkx.240200098

• Information Security •

Dynamic Malware Detection Method Based on Multimodal Fusion

LI Jianqiu (李鉴秋)1, LIU Wanping (刘万平)1, HUANG Dong (黄东)2, ZHANG Qiong (张琼)3

  1 College of Computer Science and Engineering, Chongqing University of Technology, Chongqing 400054
  2 Key Laboratory of Advanced Manufacturing Technology of the Ministry of Education, Guizhou University, Guiyang 550025
  3 Information Center, Chongqing Vocational and Technical University of Mechatronics, Chongqing 402760
  • Online: 2024-11-16 Published: 2024-11-13
  • Corresponding author: LIU Wanping (wpliu@cqut.edu.cn)
  • About the author: (lijq@stu.cqut.edu.cn)
  • Supported by:
    Natural Science Foundation of Chongqing (cstc2021jcyj-msxmX0594)

Multimodal Fusion Based Dynamic Malware Detection

LI Jianqiu1, LIU Wanping1, HUANG Dong2, ZHANG Qiong3   

  1 College of Computer Science and Engineering, Chongqing University of Technology, Chongqing 400054, China
    2 Key Laboratory of Advanced Manufacturing Technology of the Ministry of Education, Guizhou University, Guiyang 550025, China
    3 Information Center, Chongqing Vocational and Technical University of Mechatronics, Chongqing 402760, China
  • Online: 2024-11-16 Published: 2024-11-13
  • About author: LI Jianqiu, born in 1997, postgraduate, is a member of CCF (No.R6779G). His research interest is malware detection.
    LIU Wanping, born in 1986, Ph.D, associate professor, master supervisor, is a member of CCF (No.43152M). His main research interests include network and information security.
  • Supported by:
    Natural Science Foundation of Chongqing, China (cstc2021jcyj-msxmX0594).

Abstract (Chinese version): In recent years the number of new malware samples has grown rapidly, and traditional signature-based malware detection methods are gradually losing effectiveness against them, so new detection methods are urgently needed. To address this problem, a multimodal dynamic malware detection method is proposed. It uses API call sequences as features, maps the API features into multimodal information, and processes that multimodal information with two different network models to obtain the detection result. The method is tested on several public datasets and reaches a detection accuracy of up to 99.98%. Experiments show that it has high accuracy and good generalization ability. Because the method requires no disassembly, it can detect malware that uses packing techniques, which effectively improves the robustness of the detection method.

Keywords: Malware detection, Multimodal fusion, Deep learning

Abstract: In recent years, the number of new types of malware has been increasing rapidly, and traditional signature-based malware detection methods are ineffective in the face of these emerging threats. Therefore, there is an urgent need to develop new detection methods. As a solution, a novel approach based on multimodal dynamic malware detection is proposed. The method utilizes API call sequences as features, maps these API features into multimodal information, and employs two distinct neural network models to process the multimodal information, thereby obtaining detection outcomes. By testing the proposed method on multiple public datasets, a detection accuracy of up to 99.98% is achieved. Experiments demonstrate that the proposed method exhibits high accuracy and generalization capability. Because this method does not require any disassembly operations, it can detect malware that uses packing techniques, effectively enhancing the robustness of the detection method.

Key words: Malware detection, Multimodal fusion, Deep learning
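The abstract describes a pipeline rather than a specific architecture: an API call trace recorded at run time is mapped into more than one representation, each representation is scored by its own model, and the scores are combined. The following added example (not the paper's code; the paper does not state which modalities or networks it uses) illustrates that shape with two assumed modalities, a normalised API frequency vector and a bigram transition matrix treated as a small image, and with nearest-centroid classifiers standing in for the two neural networks. The API traces are constructed for the example, not real sandbox output. Because it works on the observed call sequence only, the pipeline never touches the binary, which is why the abstract's point about packed samples holds for this class of method.

```python
"""Added illustration of a two-modality detector over API call traces.
Not the paper's implementation: modalities, classifiers and traces are
assumptions made for teaching purposes."""
import math
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed training traces, labelled 1 = malicious, 0 = benign (not real sandbox output).
TRAIN: List[Tuple[List[str], int]] = [
    (["NtOpenFile", "NtReadFile", "NtReadFile", "NtClose"], 0),
    (["NtCreateFile", "NtWriteFile", "NtClose"], 0),
    (["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
      "NtCreateThreadEx", "NtClose"], 1),
    (["NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"], 1),
]


def build_vocab(traces: Sequence[Sequence[str]]) -> Dict[str, int]:
    """Map each API name seen in training to an id >= 1; id 0 is reserved for unseen APIs."""
    vocab: Dict[str, int] = {}
    for trace in traces:
        for api in trace:
            vocab.setdefault(api, len(vocab) + 1)
    return vocab


def unigram_vector(trace: Sequence[str], vocab: Dict[str, int]) -> List[float]:
    """Modality 1: normalised API frequency vector of length len(vocab)+1 (slot 0 = unknown)."""
    vec = [0.0] * (len(vocab) + 1)
    if not trace:
        return vec  # empty trace: all-zero vector instead of a division by zero
    for api in trace:
        vec[vocab.get(api, 0)] += 1.0 / len(trace)
    return vec


def transition_image(trace: Sequence[str], vocab: Dict[str, int]) -> List[float]:
    """Modality 2: (V+1)x(V+1) bigram transition frequency matrix, flattened row-major.
    A CNN would consume this as a single-channel image; here it is just a feature vector."""
    size = len(vocab) + 1
    img = [0.0] * (size * size)
    pairs = list(zip(trace, trace[1:]))  # empty for traces shorter than two calls
    for (a, b), n in Counter(pairs).items():
        img[vocab.get(a, 0) * size + vocab.get(b, 0)] = n / len(pairs)
    return img


def _centroid(vectors: List[List[float]]) -> List[float]:
    return [sum(col) / len(vectors) for col in zip(*vectors)]


def _distance(a: List[float], b: List[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class CentroidClassifier:
    """Nearest-centroid classifier; stands in for one per-modality network."""

    def __init__(self, vectors: List[List[float]], labels: List[int]) -> None:
        self.benign = _centroid([v for v, y in zip(vectors, labels) if y == 0])
        self.malicious = _centroid([v for v, y in zip(vectors, labels) if y == 1])

    def score(self, vec: List[float]) -> float:
        """P(malicious) from relative distances: closer to the malicious centroid -> higher."""
        d_b, d_m = _distance(vec, self.benign), _distance(vec, self.malicious)
        if d_b + d_m == 0:
            return 0.5  # identical centroids carry no evidence either way
        return d_b / (d_b + d_m)


class MultimodalDetector:
    """Two modality-specific models whose scores are fused by averaging (late fusion)."""

    def __init__(self, train: List[Tuple[List[str], int]]) -> None:
        traces = [t for t, _ in train]
        labels = [y for _, y in train]
        self.vocab = build_vocab(traces)
        self.seq_model = CentroidClassifier([unigram_vector(t, self.vocab) for t in traces], labels)
        self.img_model = CentroidClassifier([transition_image(t, self.vocab) for t in traces], labels)

    def scores(self, trace: Sequence[str]) -> Tuple[float, float, float]:
        s_seq = self.seq_model.score(unigram_vector(trace, self.vocab))
        s_img = self.img_model.score(transition_image(trace, self.vocab))
        return s_seq, s_img, (s_seq + s_img) / 2

    def predict(self, trace: Sequence[str]) -> int:
        return int(self.scores(trace)[2] >= 0.5)


DETECTOR = MultimodalDetector(TRAIN)

if __name__ == "__main__":
    for sample in (["NtOpenProcess", "NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx"],
                   ["NtOpenFile", "NtReadFile", "NtClose"]):
        print(sample, DETECTOR.scores(sample), DETECTOR.predict(sample))
```

Each modality is deliberately kept independent up to the fusion step so that a weak or missing signal in one (for instance a trace too short to form any bigram) degrades the fused score gracefully rather than breaking the pipeline; the unknown-API slot plays the same role for calls not seen during training.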

CLC number (中图分类号):

  • TP309.5