Abstract: The volume of malware keeps growing, and malware classification and detection techniques face increasingly serious challenges. To address this problem, a new malware classification and detection framework, the MGFG (malware gray image Fourier transform gist) model, is proposed. Malware portable executable (PE) files are converted into grayscale images, and the two-dimensional discrete Fourier transform is applied to these images to obtain their spectrograms. Processing the frequencies of the spectrogram denoises the malware image. Finally, global features (gist) are extracted to detect and classify malware. Experimental results show that, on multiple datasets, the MGFG model has better robustness and higher classification accuracy when classifying packed and obfuscated malware.
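The byte-to-image and frequency-domain denoising steps described in the abstract, as an added example that is not the paper's code. The image width, the square low-pass mask and the cutoff value are assumptions (the abstract does not say which frequencies MGFG discards), and gist extraction is left out.

```python
import cmath

def bytes_to_gray(data: bytes, width: int):
    """Lay file bytes out row by row as 0-255 pixels, zero-padding the last row."""
    padded = data + bytes(-len(data) % width)
    return [list(padded[i:i + width]) for i in range(0, len(padded), width)]

def dft1(seq, sign):
    """Naive 1-D DFT (sign=-1) or unnormalised inverse DFT (sign=+1)."""
    n = len(seq)
    return [sum(seq[k] * cmath.exp(sign * 2j * cmath.pi * j * k / n) for k in range(n))
            for j in range(n)]

def dft2(img, sign=-1):
    """Separable 2-D DFT: transform every row, then every column."""
    rows = [dft1(r, sign) for r in img]
    cols = [dft1(list(c), sign) for c in zip(*rows)]
    return [list(r) for r in zip(*cols)]

def lowpass_denoise(img, cutoff):
    """Zero spectral coefficients beyond `cutoff` from DC, then invert the transform.

    The low-pass choice is an assumption of this example, not a parameter
    taken from the paper.
    """
    h, w = len(img), len(img[0])
    spec = dft2(img)
    for u in range(h):
        for v in range(w):
            # min(u, h - u) is the wrap-around distance of frequency u from DC
            if min(u, h - u) > cutoff or min(v, w - v) > cutoff:
                spec[u][v] = 0
    back = dft2(spec, sign=+1)
    # Normalise the inverse and clip back into the 8-bit grayscale range
    return [[min(255, max(0, round(p.real / (h * w)))) for p in row] for row in back]

def sample_bytes(n=8):
    """Constructed input: flat value 100 plus +/-20 checkerboard noise (highest frequency)."""
    return bytes(100 + (20 if (x + y) % 2 == 0 else -20)
                 for y in range(n) for x in range(n))

if __name__ == "__main__":
    img = bytes_to_gray(sample_bytes(), 8)
    print(img[0], "->", lowpass_denoise(img, 1)[0])
```

The naive DFT is quadratic per row and only suits small demonstration images; a real pipeline would use an FFT library.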
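Basic information:
DOI: 10.13705/j.issn.1671-6841.2023161
Chinese Library Classification number: TP311.5; TP309
Citation:
[1] LIU Yashu, QIU Xiaohua, SUN Shimiao, et al. Malware detection based on two-dimensional discrete Fourier transform[J]. Journal of Zhengzhou University (Natural Science Edition), 2025, 57(02): 8-15. DOI:10.13705/j.issn.1671-6841.2023161.
Funding:
National Natural Science Foundation of China (62232016); National Key Research and Development Program of China, Key Special Project (2022YFC3800502)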