Journal on Communications ›› 2018, Vol. 39 ›› Issue (11): 44-53. doi: 10.11959/j.issn.1000-436x.2018227

• Academic paper

Anti-obfuscation texture feature description method for malware images

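Yashu LIU1,2, Zhihai WANG1, Hanbing YAN3, Yueran HOU4, Yukun LAI5

  1. 1 School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044
    2 School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing 100044
    3 National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029
    4 Institute of Network Technology, Beijing University of Posts and Telecommunication, Beijing 100876
    5 School of Computer Science and Informatics, Cardiff University, Cardiff CF24 3AA, UK
  • Revised: 2018-10-26 Online: 2018-11-01 Published: 2018-12-10
  • About the authors: Yashu LIU (1977–), female, born in Da'an, Jilin, is a Ph.D. candidate at Beijing Jiaotong University; her main research interests are information security and data mining. | Zhihai WANG (1963–), male, born in Anyang, Henan, Ph.D., is a professor and doctoral supervisor at Beijing Jiaotong University; his main research interests are data mining, machine learning and computational intelligence. | Hanbing YAN (1975–), male, born in Jinxian, Jiangxi, Ph.D., is a professor-level senior engineer and doctoral supervisor at the National Computer Network Emergency Response Technical Team/Coordination Center of China; his main research interest is information security. | Yueran HOU (1994–), male, born in Hohhot, Inner Mongolia, is a master's student at Beijing University of Posts and Telecommunication; his main research interests are information security and machine learning. | Yukun LAI (1978–), male, born in Xiaoshan, Zhejiang, Ph.D., is an associate professor at Cardiff University, UK; his main research interests are computer vision and image processing.
  • Supported by:
    The National Natural Science Foundation of China (U1736218); The National Natural Science Foundation of China (61672086); The National Key Research and Development Program of China (2018YFB0803604)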

Method of anti-confusion texture feature descriptor for malware images

Yashu LIU1,2, Zhihai WANG1, Hanbing YAN3, Yueran HOU4, Yukun LAI5

  1. 1 School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
    2 School of Electrical and Information Engineering, Beijing University of Civil Engineering and Architecture, Beijing 100044, China
    3 National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
    4 Institute of Network Technology, Beijing University of Posts and Telecommunication, Beijing 100876, China
    5 School of Computer Science and Informatics, Cardiff University, Cardiff CF24 3AA, UK
  • Revised: 2018-10-26 Online: 2018-11-01 Published: 2018-12-10
  • Supported by:
    The National Natural Science Foundation of China (U1736218); The National Natural Science Foundation of China (61672086); The National Key Research and Development Program of China (2018YFB0803604)

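Abstract:

Combining image processing techniques with machine learning methods is a new approach in malware visualization research. In this approach, the way the texture features of malware grayscale images are described has a considerable effect on the accuracy of the malware classification results. A new texture feature description method for malware images is therefore proposed. By fusing a global feature (GIST) with local features (LBP or dense SIFT), fused features that resist obfuscation and interference are constructed, which solves the problem that the classification accuracy of global features drops sharply when malware grayscale images are highly similar or differ greatly. Experiments show that, compared with traditional methods, the method has better stability and applicability, and that classification accuracy is also clearly improved on datasets that are more easily confused.

Keywords: malware visualization, image texture, feature descriptor, malware classification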

Abstract:

Using image processing and machine learning algorithms to classify malware samples is a new method in the malware visualization field. The texture feature description method has great influence on the result. To solve this problem, a new method is presented that joins the global feature GIST with the local features LBP or dense SIFT in order to construct combined descriptors of malware gray-scale images. Using those descriptors, malware classification performance was greatly improved in contrast to the traditional method, especially for samples that have higher similarity across different families or lower similarity within the same family. Extensive experiments show that the new method is much more effective and general than the traditional method. On the confusing dataset, the classification accuracy has been greatly improved.

Key words: malware visualization, image texture, feature descriptors, malware classification
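
The fusion idea in the abstract, as an added Python sketch that is not the paper's code: the same constructed bytes laid out in two different orders produce very different global layout features but nearly identical local LBP histograms, which is why a fused descriptor is more stable than a global one alone. The 16-pixel image width, the 4x4 block-mean vector (a simplified stand-in for GIST, which uses Gabor filter responses), the basic 8-neighbour LBP, fusion by concatenation and all function names are assumptions.

```python
# Added illustration, not the paper's code. Image width, grid size, the
# block-mean global descriptor (a simplified stand-in for GIST) and fusion by
# concatenation are assumptions; the sample bytes are constructed.

def bytes_to_image(data, width=16):
    """Lay raw bytes out row by row as 8-bit grayscale pixels."""
    return [list(data[r:r + width]) for r in range(0, len(data) - width + 1, width)]

def lbp_histogram(img):
    """Local texture: normalized 256-bin histogram of 8-neighbour LBP codes."""
    ring = [(-1, -1), (-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1)]
    hist = [0] * 256
    for y in range(1, len(img) - 1):
        for x in range(1, len(img[0]) - 1):
            code = sum(1 << b for b, (dy, dx) in enumerate(ring)
                       if img[y + dy][x + dx] >= img[y][x])
            hist[code] += 1
    total = sum(hist) or 1
    return [h / total for h in hist]

def global_layout(img, grid=4):
    """Global layout: mean intensity of each grid cell, scaled to [0, 1]."""
    h, w = len(img), len(img[0])
    feats = []
    for gy in range(grid):
        for gx in range(grid):
            cell = [img[y][x]
                    for y in range(gy * h // grid, (gy + 1) * h // grid)
                    for x in range(gx * w // grid, (gx + 1) * w // grid)]
            feats.append(sum(cell) / (255 * len(cell)))
    return feats

def fused_descriptor(data):
    """Concatenate the global and local vectors into one descriptor."""
    img = bytes_to_image(data)
    return global_layout(img) + lbp_histogram(img)

def l1(a, b):
    return sum(abs(x - y) for x, y in zip(a, b))

# Constructed sample: one textured block and one zero block, in both orders.
TEXTURED = bytes(i * 37 % 256 for i in range(128))
VARIANT_A = TEXTURED + bytes(128)
VARIANT_B = bytes(128) + TEXTURED

def compare(a=VARIANT_A, b=VARIANT_B):
    """Return (global L1 distance, local L1 distance) for two byte strings."""
    ia, ib = bytes_to_image(a), bytes_to_image(b)
    return (l1(global_layout(ia), global_layout(ib)),
            l1(lbp_histogram(ia), lbp_histogram(ib)))
```

Calling `compare()` returns the two distances for the constructed variants; only the 14 interior pixels on the row where the two blocks meet can change the LBP histogram, so the local distance stays at or below 28/196.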
