基于注意力与门控机制的多特征融合恶意软件检测方法

doi:10.11959/j.issn.2096-109x.2024002

Abstract

Abstract:

With the rapid development of network technology, the number and variety of malware have been increasing, posing a significant challenge in the field of network security.However, existing single-feature malware detection methods have proven inadequate in representing sample information effectively.Moreover, multi-feature detection approaches also face limitations in feature fusion, resulting in an inability to learn and comprehend the complex relationships within and between features.These limitations ultimately lead to subpar detection results.To address these issues, a malware detection method called MFAGM was proposed, which focused on multimodal feature fusion.By processing the .asm and .bytes files of the dataset, three key features belonging to two types (opcode statistics sequences, API sequences, and grey-scale image features) were successfully extracted.This comprehensive characterization of sample information from multiple perspectives aimed to improve detection accuracy.In order to enhance the fusion of these multimodal features, a feature fusion module called SA-JGmu was designed.This module utilized the self-attention mechanism to capture internal dependencies between features.It also leveraged the gating mechanism to enhance interactivity among different features.Additionally, weight-jumping links were introduced to further optimize the representational capabilities of the model.Experimental results on the Microsoft malware classification challenge dataset demonstrate that MFAGM achieves higher accuracy and F1 scores compared to other methods in the task of malware detection.

Key words: malware detection, deep learning, feature fusion, multimodal learning, static analysis

CLC Number:

TP309.5

Zhongyuan CHEN, Jianbiao ZHANG. Multi-feature fusion malware detection method based on attention and gating mechanisms[J]. Chinese Journal of Network and Information Security, 2024, 10(1): 123-135.

Figures/Tables 12

References 35

[1]	BlackBerry. Global threat intelligence report[R]. 2023-11.
[2]	HAN W J , XUE J F , WANG Y ,et al. MalDAE:detecting and explaining malware based on correlation and fusion of static and dynamic characteristics[J]. Computers ＆ Security, 2019,83: 208-233.
[3]	KORCZYNSKI D , YIN H . Capturing malware propagations with code injections and code-reuse attacks[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 1691-1708.
[4]	RIZVI S K J , ASLAM W , SHAHZAD M ,et al. PROUD-MAL:static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable[J]. Complex＆ Intelligent Systems, 2022,(2022): 1-13.
[5]	JOHNSON S , GOWTHAM R , NAIR A R . Ensemble model ransomware classification:a static analysis-based approach[M]// Inventive Computation and Information Technologies: Proceedings of ICICIT 2021. 2021: 153-167.
[6]	LOI N , BORILE C , UCCI D . Towards an automated pipeline for detecting and classifying malware through machine learning[J]. ArXiv Preprint arXiv:2106.05625, 2021.
[7]	BARBI S , BARBIERI F , MARINELLI S ,et al. Phase change material-sand mixtures for distributed latent heat thermal energy storage:Interaction and performance analysis[J]. Renewable Energy, 2021,169: 1066-1076.
[8]	CHANAJITT R , PFAHRINGER B , GOMES H M ,et al. Multiclass malware classification using either static opcodes or dynamic API calls[C]// Proceedings of Australasian Joint Conference on Artificial Intelligence. 2022: 427-441.
[9]	JING C , WU Y , CUI C Y . Ensemble dynamic behavior detection method for adversarial malware[J]. Future Generation Computer Systems, 2022,130: 193-206.
[10]	LI C , LV Q J , LI N ,et al. A novel deep framework for dynamic malware detection based on API sequence intrinsic features[J]. Computers ＆ Security, 2022,116:102686.
[11]	AFIANIAN A , NIKSEFAT S , SADEGHIYAN B ,et al. Malware dynamic analysis evasion techniques:a survey[J]. ACM Computing Surveys (CSUR), 2019,52(6): 1-28.
[12]	LEBBIE M , PRABHU S R , AGRAWAL A K . Comparative analysis of dynamic malware analysis tools[C]// Proceedings of the International Conference on Paradigms of Communication,Computing and Data Sciences:PCCDS 2021. 2021: 359-368.
[13]	GAO X W , HU C Z , SHAN C ,et al. Malware classification for the cloud via semi-supervised transfer learning[J]. Journal of Information Security and Applications, 2020,55:102661.
[14]	GIBERT D , MATEU C , PLANES J . A hierarchical convolutional neural network for malware classification[C]// Proceedings of 2019 International Joint Conference on Neural Networks (IJCNN). 2019: 1-8.
[15]	DU J , RAZA S H , AHMAD M ,et al. Digital forensics as advanced ransomware pre-attack detection algorithm for endpoint data protection[J]. Security and Communication Networks, 2022,(2022): 1-16.
[16]	KIM T G , KANG B J , BHO M ,et al. A multimodal deep learning method for android malware detection using various features[J]. IEEE Transactions on Information Forensics and Security, 2018,14(3): 773-788.
[17]	GIBERT D , MATEU C , PLANES J . HYDRA:a multimodal deep learning framework for malware classification[J]. Computers ＆ Security, 2020,95: 101873.
[18]	GIBERT D , MATEU C , PLANES J ,et al. Using convolutional neural networks for classification of malware represented as images[J]. Journal of Computer Virology and Hacking Techniques, 2019,(15): 15-28.
[19]	NARAYANAN B N , DJANEYE-BOUNDJOU O , KEBEDE T M . Performance analysis of machine learning and pattern recognition algorithms for malware classification[C]// Proceedings of 2016 IEEE National Aerospace and Electronics Conference (NAECON) and Ohio Innovation Summit (OIS). 2016: 338-342.
[20]	WOJNOWICZ M , CHISHOLM G , WOLFF M ,et al. Wavelet decomposition of software entropy reveals symptoms of malicious code[J]. Journal of Innovation in Digital Ecosystems, 2016,3(2): 130-140.
[21]	GIBERT D , MATEU C , PLANES J ,et al. Classification of malware by using structural entropy on convolutional neural networks[C]// Proceedings of the AAAI Conference on Artificial Intelligence. 2018,32(1).
[22]	RAFF E , BARKER J , SYLVESTER J ,et al. Malware detection by eating a whole exe[C]// Proceedings of Workshops at the Thirty-second AAAI Conference on Artificial Intelligence. 2018.
[23]	LE Q , BOYDELL O , MAC NAMEE B ,et al. Deep learning at the shallow end:malware classification for non-domain experts[J]. Digital Investigation, 2018,26: S118-S126.
[24]	GIBERT D , MATEU C , PLANES J . An end-to-end deep learning architecture for classification of malware’s binary content[C]// Proceedings of International Conference on Artificial Neural Networks. 2018: 383-391.
[25]	YOUSEFI-AZAR M , VARADHARAJAN V , HAMEY L ,et al. Autoencoder-based feature learning for cyber security applications[C]// 2017 International Joint Conference on Neural Networks (IJCNN). 2017: 3854-3861.
[26]	AHMADI M , ULYANOV D , SEMENOV S ,et al. Novel feature extraction,selection and fusion for effective malware family classification[C]// Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy. 2016: 183-194.
[27]	MCLAUGHLIN N , MARTINEZ DEL RINCON J , KANG B J ,et al. Deep android malware detection[C]// Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. 2017: 301-308.
[28]	MAYS M , DRABINSKY N , BRANDLE S . Feature Selection for Malware Classification[C]// MAICS. 2017: 165-170.
[29]	RONEN R , RADU M , FEUERSTEIN C ,et al. Microsoft malware classification challenge[J]. ArXiv Preprint arXiv:1802.10135, 2018.
[30]	GIBERT D . PE parser:a python package for portable executable files processing[J]. Software Impacts, 2022,13:100365.
[31]	GIBERT D , PLANES J , MATEU C ,et al. Fusing feature engineering and deep learning:a case study for malware classification[J]. Expert Systems with Applications, 2022,207:117957.
[32]	BILAR D . Statistical structures:fingerprinting malware for classification and analysis[J]. Proceedings of Black Hat Federal 2006, 2006.
[33]	KIM Y . Convolutional neural networks for sentence classification[J]. ArXiv Preprint arXiv:1408.5882, 2014.
[34]	VASWANI A , SHAZEER N , PARMAR N ,et al. Attention is all you need[J]. Advances in Neural Information Processing Systems, 2017,30.
[35]	AREVALO J , SOLORIO T , MONTES-Y-GOMEZ M , ,et al. Gated multimodal units for information fusion[J]. ArXiv Preprint arXiv:1702.01992, 2017.

Metrics

Recommended 0

No Suggested Reading articles found!

家族	数量/个	类别
Ramnit	1 541	蠕虫
Lollipop	2 478	广告软件
Kelihos_ver3	2 942	后门
Vundo	475	木马
Simda	42	后门
Tracur	751	木马下载器
Kelihos_ver1	398	后门
Obfuscator.ACY	1 228	混淆的恶意软件
Gatak	1 013	后门

模型	准确率	F1分数	精确率	召回率
API网络	97.29%	85.71%	85.14%	86.38%
Opcode网络	98.02%	97.39%	98.08%	96.81%
Image网络	96.50%	93.26%	93.86%	92.76%
MFAGM的完整模型	99.17%	99.03%	99.03%	99.02%

模型	准确率	F1分数	精确率	召回率
-A	98.94%	98.26%	97.75%	98.82%
-O	97.75%	93.99%	92.69%	96.52%
-I	98.85%	97.17%	95.89%	98.87%
-SA	98.71%	96.72%	95.63%	98.45%
-JGmu	98.99%	97.62%	97.64%	97.60%
-JC	99.03%	98.30%	97.69%	98.99%
-SA-JGmu	98.34%	98.08%	98.10%	98.11%
All	99.17%	99.03%	99.03%	99.02%

Multi-feature fusion malware detection method based on attention and gating mechanisms

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 35

Related Articles 15

Metrics

Recommended 0

[1]	Yan LI, Weizhong QIANG, Zhen LI, Deqing ZOU, Hai JIN. Deep learning vulnerability detection method based on optimized inter-procedural semantics of programs [J]. Chinese Journal of Network and Information Security, 2023, 9(6): 86-101.
[2]	Jinwei WANG, Zhengjia CHEN, Xue XIE, Xiangyang LUO, Bin MA. Review of malware detection and classification visualization techniques [J]. Chinese Journal of Network and Information Security, 2023, 9(5): 1-20.
[3]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[4]	Rongna XIE, Zhuhong MA, Zongyu LI, Ye TIAN. Encrypted traffic classification method based on convolutional neural network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 84-91.
[5]	Dengyong ZHANG, Huang WEN, Feng LI, Peng CAO, Lingyun XIANG, Gaobo YANG, Xiangling DING. Image inpainting forensics method based on dual branch network [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 110-122.
[6]	Jiaying LIN, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Lip forgery detection via spatial-frequency domain combination [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 146-155.
[7]	Jinyin CHEN, Changan WU, Haibin ZHENG. Novel defense based on softmax activation transformation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 48-63.
[8]	Baolin QIU, Ping YI. Adversarial examples defense method based on multi-dimensional feature maps knowledge distillation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 88-99.
[9]	Lijuan LI, Man LI, Hongjun BI, Huachun ZHOU. Multi-type low-rate DDoS attack detection method based on hybrid deep learning [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 73-85.
[10]	Zhongyuan QIN, Zhaoxiang HE, Tao LI, Liquan CHEN. Adversarial example defense algorithm for MNIST based on image reconstruction [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 86-94.
[11]	Yuan LI, Yunpeng WANG, Tao LI, Baoqiang MA. Webshell malicious traffic detection method based on multi-feature fusion [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 143-154.
[12]	Deqing ZOU, Xiang LI, Minhuan HUANG, Xiang SONG, Hao LI, Weiming LI. Intelligent vulnerability detection system based on graph structured source code slice [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 113-122.
[13]	Zhenglong WANG, Baowen ZHANG. Survey of generative adversarial network [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 68-85.
[14]	Binglong LI, Jinlong TONG, Yu ZHANG, Yifeng SUN, Qingxian WANG, Chaowen CHANG. Auto forensic detecting algorithms of malicious code fragment based on TensorFlow [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 154-163.
[15]	Qingyin TAN, Yingming ZENG, Ye HAN, Yijing LIU, Zheli LIU. Survey on backdoor attacks targeted on neural network [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 46-58.