Journal on Communications ›› 2018, Vol. 39 ›› Issue (11): 44-53. doi: 10.11959/j.issn.1000-436x.2018227
Authors: Yashu LIU (1,2), Zhihai WANG (1), Hanbing YAN (3), Yueran HOU (4), Yukun LAI (5)
Revised: 2018-10-26
Online: 2018-11-01
Published: 2018-12-10
About the authors:
Yashu LIU (1977–), female, from Da'an, Jilin; Ph.D. candidate at Beijing Jiaotong University; research interests: information security, data mining.
Zhihai WANG (1963–), male, from Anyang, Henan; Ph.D., professor and doctoral supervisor at Beijing Jiaotong University; research interests: data mining, machine learning, computational intelligence.
Hanbing YAN (1975–), male, from Jinxian, Jiangxi; Ph.D., professor-level senior engineer and doctoral supervisor at the National Computer Network Emergency Response Technical Team/Coordination Center of China; research interest: information security.
Yueran HOU (1994–), male, from Hohhot, Inner Mongolia; master's student at Beijing University of Posts and Telecommunications; research interests: information security, machine learning.
Yukun LAI (1978–), male, from Xiaoshan, Zhejiang; Ph.D., associate professor at Cardiff University, UK; research interests: computer vision, image processing.
Abstract:
Combining image processing techniques with machine learning is a new approach in malware visualization research. In this approach, the way the texture features of a malware grayscale image are described has a strong effect on classification accuracy. This paper therefore proposes a new texture feature descriptor for malware images. By fusing a global feature (GIST) with a local feature (LBP or dense SIFT), it constructs a fused feature that resists confusion and interference, solving the problem that the classification accuracy of the global feature alone drops sharply when malware grayscale images are either highly similar or highly dissimilar. Experiments show that, compared with traditional methods, the proposed method is more stable and more widely applicable, and that classification accuracy is also clearly improved on datasets whose classes are easily confused.
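As an added worked example (not the paper's own code), the local-feature side of the pipeline the abstract describes: a byte sequence is rendered as a grayscale image, its texture is summarised by an 8-neighbour LBP histogram, and that local descriptor is concatenated with a global descriptor. The fixed image width, the basic non-rotation-invariant LBP variant, the chi-square distance and the mixing weight are assumptions of this example; GIST and dense SIFT are not implemented here.

```python
from typing import List

# Constructed sample: a tiny byte sequence standing in for a binary (not real malware).
SAMPLE = bytes(range(0, 256, 4)) * 2  # 128 bytes, a smooth ramp repeated twice


def bytes_to_image(data: bytes, width: int) -> List[List[int]]:
    """One byte per grayscale pixel (0-255) in rows of `width`; the final
    partial row is zero-padded. Using a fixed width is an assumption here."""
    rows = []
    for i in range(0, len(data), width):
        row = list(data[i:i + width])
        rows.append(row + [0] * (width - len(row)))
    return rows


def lbp_code(img: List[List[int]], y: int, x: int) -> int:
    """Basic 8-neighbour LBP: a bit is set when the neighbour is >= the centre,
    neighbours read clockwise starting at the top-left corner."""
    centre = img[y][x]
    offsets = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]
    code = 0
    for dy, dx in offsets:
        code = (code << 1) | (1 if img[y + dy][x + dx] >= centre else 0)
    return code


def lbp_histogram(img: List[List[int]]) -> List[float]:
    """Normalised 256-bin LBP histogram over interior pixels: the local texture
    descriptor that the paper fuses with the global GIST descriptor."""
    hist = [0] * 256
    count = 0
    for y in range(1, len(img) - 1):
        for x in range(1, len(img[0]) - 1):
            hist[lbp_code(img, y, x)] += 1
            count += 1
    return [h / count for h in hist] if count else [0.0] * 256


def chi2_distance(h1: List[float], h2: List[float]) -> float:
    """Chi-square distance between two histograms (0 means identical texture)."""
    return sum((a - b) ** 2 / (a + b) for a, b in zip(h1, h2) if a + b > 0)


def fuse(global_feat: List[float], local_feat: List[float], local_weight: float) -> List[float]:
    """Weighted concatenation of a global and a local descriptor. The weight is an
    assumed stand-in for the paper's mixing ratio, which this page does not define."""
    return ([(1.0 - local_weight) * v for v in global_feat]
            + [local_weight * v for v in local_feat])


def describe(data: bytes, width: int = 16) -> List[float]:
    """End-to-end: bytes -> grayscale image -> LBP histogram."""
    return lbp_histogram(bytes_to_image(data, width))
```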
Cite as: Yashu LIU, Zhihai WANG, Hanbing YAN, Yueran HOU, Yukun LAI. Method of anti-confusion texture feature descriptor for malware images[J]. Journal on Communications, 2018, 39(11): 44-53.
Original-language citation: 刘亚姝, 王志海, 严寒冰, 侯跃然, 来煜坤. 抗混淆的恶意代码图像纹理特征描述方法[J]. 通信学报, 2018, 39(11): 44-53.
Table 6 Confusion matrix of the GIST feature on the special dataset

| Actual \ Predicted | Autorun.K | Benign | Fakerean | Luder.B | Obfusca | Skintrim.N | Virut.A | Virut.AC | Virut.AK |
|---|---|---|---|---|---|---|---|---|---|
| Autorun.K | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Benign | 0 | 0.667 | 0 | 0.303 | 0 | 0 | 0 | 0 | 0.03 |
| Fakerean | 0 | 0 | 0.974 | 0 | 0 | 0 | 0 | 0 | 0.026 |
| Luder.B | 0 | 0.102 | 0 | 0.837 | 0 | 0 | 0 | 0 | 0.061 |
| Obfusca | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
| Skintrim.N | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 |
| Virut.A | 0 | 0 | 0 | 0 | 0 | 0 | 0.882 | 0 | 0.118 |
| Virut.AC | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| Virut.AK | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Table 7 Confusion matrix of the new anti-confusion feature on the special dataset

| Actual \ Predicted | Autorun.K | Benign | Fakerean | Luder.B | Obfusca | Skintrim.N | Virut.A | Virut.AC | Virut.AK |
|---|---|---|---|---|---|---|---|---|---|
| Autorun.K | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Benign | 0 | 0.75 | 0 | 0.208 | 0 | 0 | 0 | 0 | 0.042 |
| Fakerean | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| Luder.B | 0 | 0.082 | 0 | 0.898 | 0 | 0 | 0 | 0 | 0.02 |
| Obfuscator.AD | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 |
| Skintrim.N | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 0 |
| Virut.A | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 |
| Virut.AC | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| Virut.AK | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Table 8 Experimental results of fusing the Gist feature with the LBP feature (columns Gist_10%LBP to Gist_100%LBP are the fused features; Gist and LBP alone are shown for comparison)

| RF | Gist_10%LBP | Gist_30%LBP | Gist_50%LBP | Gist_70%LBP | Gist_100%LBP | Gist | LBP |
|---|---|---|---|---|---|---|---|
| estimator=10 | 0.954 | 0.958 | 0.959 | 0.957 | 0.958 | 0.893 | 0.899 |
| estimator=15 | 0.953 | 0.958 | 0.961 | 0.960 | 0.961 | 0.901 | 0.901 |
| estimator=20 | 0.955 | 0.960 | 0.962 | 0.961 | 0.964 | 0.899 | 0.903 |
| estimator=25 | 0.957 | 0.963 | 0.965 | 0.962 | 0.964 | 0.900 | 0.904 |
Table 9 Experimental results of fusing the Gist feature with the dense SIFT feature (columns 10% to 100% dense SIFT are the fused features; Gist and dense SIFT alone are shown for comparison)

| RF | 10% dense SIFT | 30% dense SIFT | 50% dense SIFT | 70% dense SIFT | 100% dense SIFT | Gist | Dense SIFT |
|---|---|---|---|---|---|---|---|
| estimator=10 | 0.957 | 0.960 | 0.960 | 0.960 | 0.960 | 0.893 | 0.924 |
| estimator=15 | 0.961 | 0.962 | 0.963 | 0.964 | 0.964 | 0.901 | 0.922 |
| estimator=20 | 0.963 | 0.964 | 0.963 | 0.964 | 0.963 | 0.899 | 0.931 |
| estimator=25 | 0.965 | 0.965 | 0.965 | 0.966 | 0.966 | 0.900 | 0.923 |