Journal on Communications ›› 2022, Vol. 43 ›› Issue (9): 169-180. doi: 10.11959/j.issn.1000-436x.2022171

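Adversarial training driven malicious code detection enhancement method

Yanhua LIU (1,2), Jiaqi LI (1,2), Zhengui OU (1,2), Xiaoling GAO (1,2), Ximeng LIU (1), Weizhi MENG (3), Baoxu LIU (4)

  1. College of Computer and Data Science, Fuzhou University, Fuzhou 350108, Fujian, China
  2. Fujian Provincial Key Laboratory of Networking Computing and Intelligent Information Processing, Fuzhou 350108, Fujian, China
  3. Department of Applied Mathematics and Computer Science, Technical University of Denmark, Copenhagen 2800, Denmark
  4. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Revised: 2022-08-29 Online: 2022-09-25 Published: 2022-09-01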
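  • About the authors:
    Yanhua LIU (1972- ), male, born in Jining, Shandong, Ph.D., is an associate professor and master's supervisor at Fuzhou University. His main research interests include cyberspace security, network data analysis, network system fault analysis, and intelligent computing and its applications.
    Jiaqi LI (1998- ), female, born in Zhangzhou, Fujian, is a master's student at Fuzhou University. Her main research interests include malicious code detection and network security.
    Zhengui OU (1998- ), male, born in Putian, Fujian, is a master's student at Fuzhou University. His main research interests include knowledge graph fusion, entity alignment, knowledge graph completion, and link prediction.
    Xiaoling GAO (1995- ), female, born in Zhangzhou, Fujian, is a master's student at Fuzhou University. Her main research interest is network security.
    Ximeng LIU (1988- ), male, born in Xi'an, Shaanxi, Ph.D., is a researcher at Fuzhou University. His main research interests include privacy computing, ciphertext data mining, big data privacy protection, and searchable encryption.
    Weizhi MENG (1986- ), male, Ph.D., is an associate professor at the Technical University of Denmark. His main research interests include intrusion detection, biometric authentication, malware detection, artificial intelligence security, and blockchain applications.
    Baoxu LIU (1972- ), male, born in Yishui, Shandong, Ph.D., is a researcher and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences. His main research interests include network attack and defense, threat intelligence, situational awareness, threat discovery, and network traceback.
  • Supported by:
    The National Natural Science Foundation of China (62072109); The National Natural Science Foundation of China (U1804263); The Natural Science Foundation of Fujian Province (2021J01625); The Natural Science Foundation of Fujian Province (2021J01616); Major Science and Technology Project (Science and Education Joint) of Fujian Province (2021HZ022007)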

Abstract:

To address the insufficient ability of malicious code detectors to detect adversarial inputs, an adversarial training driven malicious code detection enhancement method was proposed. Firstly, the applications were preprocessed by a decompiler tool to extract application programming interface (API) call features, which were mapped into binary feature vectors. Secondly, the Wasserstein generative adversarial network was introduced to build a benign sample library, providing a richer combination of perturbations for malicious samples to evade the detector. Then, a perturbation reduction algorithm based on logarithmic backtracking was proposed. Samples from the benign sample library were added to the malicious code in the form of perturbations, and the added perturbations were then pruned by bisection to reduce the number of perturbations with fewer queries. Finally, the adversarial malicious code samples were labeled as malicious and the detector was retrained to improve its accuracy and robustness. The experimental results show that the generated adversarial malicious code samples can evade the target detector. Additionally, the adversarial training increases the target detector's accuracy and robustness.

Key words: adversarial training, detection enhancement, generative adversarial network, perturbation reduction
