一种基于行为集成学习的恶意代码检测方法

doi:10.13190/j.jbupt.2018-318

北京邮电大学学报 ›› 2019, Vol. 42 ›› Issue (4): 89-95.doi: 10.13190/j.jbupt.2018-318

一种基于行为集成学习的恶意代码检测方法

胥小波^1,2, 张文博¹, 何超¹, 罗怡¹

1. 中国电子科技网络信息安全有限公司, 成都 610041;
2. 中国电子科技集团公司第三十研究所, 成都 610041

收稿日期:2018-12-22 出版日期:2019-08-28 发布日期:2019-08-26
作者简介:胥小波(1985-),男,博士,E-mail:xxb0620@163.com.

A Malicious Code Detection Method Based on Ensemble Learning of Behavior

XU Xiao-bo^1,2, ZHANG Wen-bo¹, HE Chao¹, LUO Yi¹

1. China Electronics Technology Cyber Security Company Limited, Chengdu 610041, China;
2. China Electronic Technology Group Corporation Thirtieth Research Institute, Chengdu 610041, China

Received:2018-12-22 Online:2019-08-28 Published:2019-08-26

摘要/Abstract

摘要： 为了解决变种恶意代码、未知威胁行为恶意分析等问题，研究了基于梯度提升树的恶意代码分类方法，从大量样本中学习程序行为特征和指令序列特征，实现了智能恶意代码分类功能.将GBDT算法引入恶意代码检测领域，使模型结果行为序列具有可解释性，对恶意代码的检测能力大幅提高.GBDT算法能够客观地反映恶意代码的行为和意图本质，能够准确识别恶意代码.

关键词: 恶意代码, 未知威胁, 梯度提升树, 行为特征

Abstract: In order to solve the problem of variant malicious code and behavior analysis of unknown threat, a method for malware classification based on gradient boosting decision tree (GBDT) algorithm is researched, which learns the characteristics of code behavior and instruction sequence from a large number of samples, and realizes the intelligent malicious code classification function. GBDT algorithm is introduced into the field of malicious code detection, so that the behavior sequence of the model is interpretable, and improves its ability to detect malicious code significantly. GBDT algorithm can reflect the nature of the behavior and intention of malicious code objectively, and identify malicious code accurately.

Key words: malware code, unknown threat, gradient boosting decision tree, behavior characteristics

中图分类号:

TP302

胥小波, 张文博, 何超, 罗怡. 一种基于行为集成学习的恶意代码检测方法[J]. 北京邮电大学学报, 2019, 42(4): 89-95.

XU Xiao-bo, ZHANG Wen-bo, HE Chao, LUO Yi. A Malicious Code Detection Method Based on Ensemble Learning of Behavior[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2019, 42(4): 89-95.

参考文献

[1] Jacob G, Debar H, Fillol E. Behavioral detection of malware:from a survey towards an established taxonomy[J]. Journal in Computer Virology, 2008, 4(3):251-266.
[2] Christodorescu M, Jha S, Seshia S A, et al. Semantics-aware malware detection[C]//Proc of the 2005 IEEE Symposium on Security and Privacy. California:[s.n.], 2005:32-46.
[3] 王蕊, 冯登国, 杨轶等. 基于语义的恶意代码行为特征提取及检测方法[J]. 软件学报, 2012, 23(2):378-393. Wang Rui, Feng Dengguo, Yang Yi, et al. Semantics-based malware behavior signature extraction and detection method[J]. Journal of Software, 2012, 23(2):378-393.
[4] 韩晓光, 曲武, 姚宣霞等. 基于纹理指纹的恶意代码变种检测方法研究[J]. 通信学报, 2014, 35(8):125-136. Han Xiaoguang, Qu Wu, Yao Xuanxia, et al. Research on malicious code variants detection based on texture fingerprint[J]. Journal on Communications, 2014, 35(8):125-136.
[5] Fan Yujie, Chen Lifei, Guo Gongde. Learning and classification of malicious behaviors in software code[J]. Journal of Data Acquisition and Processing, 2017, 32(3):612-620.
[6] 胥小波, 郑康锋, 李丹等. 新的混沌粒子群优化算法[J]. 通信学报, 2012, 33(1):24-33. Xu Xiaobo, Zheng Kangfeng, Li Dan, et al. New chaos-particle swarm optimization algorithm[J]. Journal on Communications, 2012, 33(1):24-33.
[7] Hiromu Yakura, Shinnosuke Shinozaki, Reon Nishimura, et al. Malware analysis of imaged binary samples by convolutional neural network with attention mechanism[C]//CODASPY'18 Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. Dallas, Texas, USA. ACM Press the 10th ACM Workshop. 2018:127-134.
[8] Cui Zhihua, Xue Fei, Cai Xingjuan, et al. Detection of malicious code variants based on deep learning[J]. IEEE Transactions on Industrial Informatics, 2018(14):3187-3196.
[9] 黄全伟. 基于N-Gram系统调用序列的恶意代码静态检测[D]. 哈尔滨:哈尔滨工业大学, 2009.
[10] Ravi C, Manoharan R. Malware detection using windows API sequence and machine learning[J]. International Journal of computer Applications, 2012, 43(17):12-16.
[11] 廖国辉, 刘嘉勇. 基于数据挖掘和机器学习的恶意代码检测方法[J]. 信息安全研究, 2016(1):74-79. Liao G H, Liu J Y. A malicious code detection method based on data mining and machine learning[J]. Journal of Information Security Research, 2016(1):74-79.
[12] Tobiyama S, Yamaguchi Y, Shimada H, et al. Malware detection with deep neural network using process behavior[C]//2016 40^th Annual IEEE Conference on Computer Software and Applications (COMPSAC). Atlanta:IEEE, 2016:577-582.
[13] Dahl G E, Stokes J W, Deng L, et al. Large-scale malware classification using random projections and neural networks[C]//2013 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). Vancouver:IEEE, 2013:3422-3426.

一种基于行为集成学习的恶意代码检测方法

A Malicious Code Detection Method Based on Ensemble Learning of Behavior

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 2

编辑推荐

Metrics

本文评价

[1]	张文, 刘文灵, 李晖, 陈泽, 牛少彰. 一种基于CFI保护的Android Native代码保护框架[J]. 北京邮电大学学报, 2018, 41(6): 1-6,13.
[2]	武斌, 林幸, 李卫东, 芦天亮, 张冬梅. 云计算下手机人工免疫恶意代码检测模型[J]. 北京邮电大学学报, 2015, 38(4): 34-38.