信息通信学术期刊网 | 设为首页 | 加入收藏
首 页   |  期刊简介   |  编辑委员会   |  投稿须知   |  广告咨询   |  期刊订阅   |  会议活动   |  联系我们   |  English

网络与信息安全学报 ›› 2017, Vol. 3 ›› Issue (11): 68-76.doi: 10.11959/j.issn.2096-109x.2017.00217

• 学术论文 • 上一篇    

基于静态多特征融合的恶意软件分类方法

孙博文1(),黄炎裔1,温俏琨2,田斌3,吴鹏4,李祺1   

  1. 1 北京邮电大学网络空间安全学院天地互联与融合北京市重点实验室,北京 100876
    2 北京邮电大学国际学院,北京 100876
    3 中国信息安全测评中心,北京 100085
    4 四川大学计算机学院,四川 成都 610015
  • 出版日期:2017-11-15 发布日期:2017-11-30
  • 基金资助:
    国家自然科学基金资助项目;国家自然科学基金资助项目

Malware classification method based on static multiple-feature fusion

Bo-wen SUN1(),Yan-yi HUANG1,Qiao-kun WEN2,Bin TIAN3,Peng WU4,Qi LI1   

  1. 1 Beijing Key Laboratory of Interconnection and Integration,School of Cyberspace Security,Beijing University of Post and Telecommunications,Beijing 100876,China
    2 International School,Beijing University of Post and Telecommunications,Beijing 100876,China
    3 China Information Technology Security Evaluation Center,Beijing 100085,China
    4 College of Computer Science Sichuan University,Chengdu 610015,China
  • Online:2017-11-15 Published:2017-11-30
  • Supported by:
    The National Natural Science Foundation of China;The National Natural Science Foundation of China

摘要:

近年来,恶意软件呈现出爆发式增长势头,新型恶意样本携带变异性和多态性,通过多态、加壳、混淆等方式规避传统恶意代码检测方法。基于大规模恶意样本,设计了一种安全、高效的恶意软件分类的方法,通过提取可执行文件字节视图、汇编视图、PE 视图3个方面的静态特征,并利用特征融合和分类器集成学习2种方式,提高模型的泛化能力,实现了特征与分类器之间的互补,实验证明,在样本上取得了稳定的F1-score(93.56%)。

关键词: 恶意软件, 家族分类, 静态分析, 机器学习, 模型融合

Abstract:

In recent years,the amount of the malwares has tended to rise explosively.New malicious samples emerge as variability and polymorphism.By means of polymorphism,shelling and confusion,traditional ways of detecting can be avoided.On the basis of massive malicious samples,a safe and efficient method was designed to classify the mal-wares.Extracting three static features including file byte features,assembly features and PE features,as well as im-proving generalization of the model through feature fusion and ensemble learning,which realized the complementarity between the features and the classifier.The experiments show that the sample achieve a stable F1-socre (93.56%).

Key words: malware, family classification, static analysis, machine learning, model fusion

版权所有 © 2015 《网络与信息安全学报》编辑部
地址:北京市丰台区成寿寺路11号邮电出版大厦8层 邮编:100078
电话:010-81055479,010-81055456,010-81055483  电子邮件:cjnis@bjxintong.com.cn