A Malicious Code Detection Method Based on Ensemble Learning of Behavior

doi:10.13190/j.jbupt.2018-318

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2019, Vol. 42 ›› Issue (4): 89-95.doi: 10.13190/j.jbupt.2018-318

• Reports • Previous Articles Next Articles

A Malicious Code Detection Method Based on Ensemble Learning of Behavior

XU Xiao-bo^1,2, ZHANG Wen-bo¹, HE Chao¹, LUO Yi¹

1. China Electronics Technology Cyber Security Company Limited, Chengdu 610041, China;
2. China Electronic Technology Group Corporation Thirtieth Research Institute, Chengdu 610041, China

Received:2018-12-22 Online:2019-08-28 Published:2019-08-26

Abstract

Abstract: In order to solve the problem of variant malicious code and behavior analysis of unknown threat, a method for malware classification based on gradient boosting decision tree (GBDT) algorithm is researched, which learns the characteristics of code behavior and instruction sequence from a large number of samples, and realizes the intelligent malicious code classification function. GBDT algorithm is introduced into the field of malicious code detection, so that the behavior sequence of the model is interpretable, and improves its ability to detect malicious code significantly. GBDT algorithm can reflect the nature of the behavior and intention of malicious code objectively, and identify malicious code accurately.

Key words: malware code, unknown threat, gradient boosting decision tree, behavior characteristics

CLC Number:

TP302

XU Xiao-bo, ZHANG Wen-bo, HE Chao, LUO Yi. A Malicious Code Detection Method Based on Ensemble Learning of Behavior[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2019, 42(4): 89-95.

References

[1] Jacob G, Debar H, Fillol E. Behavioral detection of malware:from a survey towards an established taxonomy[J]. Journal in Computer Virology, 2008, 4(3):251-266.
[2] Christodorescu M, Jha S, Seshia S A, et al. Semantics-aware malware detection[C]//Proc of the 2005 IEEE Symposium on Security and Privacy. California:[s.n.], 2005:32-46.
[3] 王蕊, 冯登国, 杨轶等. 基于语义的恶意代码行为特征提取及检测方法[J]. 软件学报, 2012, 23(2):378-393. Wang Rui, Feng Dengguo, Yang Yi, et al. Semantics-based malware behavior signature extraction and detection method[J]. Journal of Software, 2012, 23(2):378-393.
[4] 韩晓光, 曲武, 姚宣霞等. 基于纹理指纹的恶意代码变种检测方法研究[J]. 通信学报, 2014, 35(8):125-136. Han Xiaoguang, Qu Wu, Yao Xuanxia, et al. Research on malicious code variants detection based on texture fingerprint[J]. Journal on Communications, 2014, 35(8):125-136.
[5] Fan Yujie, Chen Lifei, Guo Gongde. Learning and classification of malicious behaviors in software code[J]. Journal of Data Acquisition and Processing, 2017, 32(3):612-620.
[6] 胥小波, 郑康锋, 李丹等. 新的混沌粒子群优化算法[J]. 通信学报, 2012, 33(1):24-33. Xu Xiaobo, Zheng Kangfeng, Li Dan, et al. New chaos-particle swarm optimization algorithm[J]. Journal on Communications, 2012, 33(1):24-33.
[7] Hiromu Yakura, Shinnosuke Shinozaki, Reon Nishimura, et al. Malware analysis of imaged binary samples by convolutional neural network with attention mechanism[C]//CODASPY'18 Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. Dallas, Texas, USA. ACM Press the 10th ACM Workshop. 2018:127-134.
[8] Cui Zhihua, Xue Fei, Cai Xingjuan, et al. Detection of malicious code variants based on deep learning[J]. IEEE Transactions on Industrial Informatics, 2018(14):3187-3196.
[9] 黄全伟. 基于N-Gram系统调用序列的恶意代码静态检测[D]. 哈尔滨:哈尔滨工业大学, 2009.
[10] Ravi C, Manoharan R. Malware detection using windows API sequence and machine learning[J]. International Journal of computer Applications, 2012, 43(17):12-16.
[11] 廖国辉, 刘嘉勇. 基于数据挖掘和机器学习的恶意代码检测方法[J]. 信息安全研究, 2016(1):74-79. Liao G H, Liu J Y. A malicious code detection method based on data mining and machine learning[J]. Journal of Information Security Research, 2016(1):74-79.
[12] Tobiyama S, Yamaguchi Y, Shimada H, et al. Malware detection with deep neural network using process behavior[C]//2016 40^th Annual IEEE Conference on Computer Software and Applications (COMPSAC). Atlanta:IEEE, 2016:577-582.
[13] Dahl G E, Stokes J W, Deng L, et al. Large-scale malware classification using random projections and neural networks[C]//2013 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). Vancouver:IEEE, 2013:3422-3426.

A Malicious Code Detection Method Based on Ensemble Learning of Behavior

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	SUN Quan-ming, CHANG Lei, MA Cheng, QU Zhi-jian. Multi-Modal Transportation Recommendation Based on Graph Embedding and CaGBDT [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(5): 81-87,106.
[2]	PENG Yan, ZHAO Zi-ru, WU Ting-xian, WANG Jie. Prediction of PM_2.5 Concentration Based on Ensemble Learning [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2019, 42(6): 162-169.