[1] DING Ying, LI Lin. A Method for Detecting Malicious Code Based on Feature Encoding Technology[J]. Computer Technology and Development, 2021, 31(01): 131-136. [doi:10.3969/j.issn.1673-629X.2021.01.024]

A Method for Detecting Malicious Code Based on Feature Encoding Technology

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
31
Issue:
2021, No. 01
Pages:
131-136
Column:
Network and Security
Publication date:
2021-01-10

Article Info

Title:
A Method for Detecting Malicious Code Based on Feature Encoding Technology
Article number:
1673-629X(2021)01-0131-06
Author(s):
DING Ying, LI Lin
School of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, Hubei, China
Keywords:
double-byte; feature encoding; convolutional neural network; malicious code; detection
Classification number:
TP309;TP181
DOI:
10.3969/j.issn.1673-629X.2021.01.024
Abstract:
When malicious code is detected and classified, the traditional gray-scale encoding method causes feature splitting and loss of precision in the process of converting features into images, which seriously degrades detection performance. In addition, traditional datasets for malicious code detection and classification use only malicious samples and do not take benign samples into account. Therefore, this paper adopts a dataset that includes both benign and malicious samples and proposes a double-byte feature encoding method. First, the features of the PE file to be detected are encoded as binary numbers and the first two bytes are taken from a single feature; then all bytes are converted into an image; finally, features are extracted by a convolutional neural network and verified on the test set. Experiments show that, when the features of the PE file to be detected are double-byte encoded, accuracy improves from 81.4% to 92.82% compared with the gray-scale encoding method under the same conditions. The experimental results demonstrate that the double-byte feature encoding method can be effectively applied to malicious code detection.


Last Update: 2020-01-10