Font Size: a A A

Research On Malware Homology Based On Attention Mechanism

Posted on:2022-11-21Degree:MasterType:Thesis
Country:ChinaCandidate:R Z WangFull Text:PDF
GTID:2506306752965349Subject:Internet Technology
Abstract/Summary:
At present,malicious code comes in many forms,malware is more stealthy and persistent,and the trend of malicious code family is becoming more and more obvious.The research on the homology of malicious code is of great significance for cracking down on cybercrime and maintaining cyberspace security.This paper combines the attention mechanism to analyze the homology of malicious code,explores the discrimination effect of attention mechanism on malicious code families,and proposes efficient and accurate methods for malicious code homology determination.The main research contents of this paper are as follows:(1)In view of the large scale of malicious samples,the malicious code homology determination model based on deep neural network has a large amount of parameters and huge consumption of computing resources,a homology analysis method of malicious code based on attention distillation network is proposed.The method uses malicious code visualization technology to convert binary text into images and adopts the idea of knowledge distillation.In the teacher network model,residual network is used to extract the deep-seated features of image texture and attention mechanism is introduced to guide the student network model training.The experimental results show that under the guidance and training of the teacher network,the student network achieves the homology determination effect similar to that of the teacher network,which is beneficial to the homology determination of batch samples.(2)Aiming at the problems of insufficient ability to capture malicious code features,lack of malicious behavior information,and insufficient performance of the homology determination algorithm,a homology analysis method of malicious code based on the mixed domain attention mechanism is proposed.The method uses the reverse engineering tool to obtain the features of each section of the malicious sample and then fuses the features of each section to construct a feature matrix.The depthwise separable convolution network based on the mixed domain attention mechanism is built to extract the core features of malicious sample feature matrix from channel and space dimensions.The experimental results show that the fusion feature can effectively distinguish various malicious code families,and the model achieves a better homology determination effect than the traditional neural network models.(3)Aiming at the problem that the existing malicious code homology determination models do not deeply consider the family characteristics of malicious samples and describe the aggregation and transmission relationship between malicious behaviors,a malicious code homology analysis based on graph attention network is proposed.The method takes the assembly instructions of malicious samples as the research object,analyzes the importance and correlation between the assembly instructions of different malicious families,and then builds the assembly instruction heterogeneous graph to strengthen the feature expression.In terms of model construction,the residual network structure is used to improve the graph attention network to enhance the ability to identify malicious family variants.The experimental results show that the method is superior to the traditional homology determination methods,and the model accuracy rate reaches 98.83%,which can effectively determine the homology of malicious code.
Keywords/Search Tags:Malicious code, Homology analysis, Attention mechanism, Knowledge distillation, Graph neural network
Related items