基于半监督生成对抗网络的恶意代码家族分类实现

计算机工程与科学 ›› 2022, Vol. 44 ›› Issue (05): 826-833.

• 计算机网络与信息安全 • 上一篇下一篇

基于半监督生成对抗网络的恶意代码家族分类实现

王栋1,2，杨珂1,2，玄佳兴1,2，韩雨桐3，赵丽花1,2，王旭仁4

(1.国网电子商务有限公司(国网雄安金融科技集团有限公司),北京 100053;
2.国家电网有限公司区块链技术实验室,北京 100053;
3.中国科学院信息工程研究所,北京 100093;
4.首都师范大学信息工程学院,北京 100048)

收稿日期:2020-09-21 修回日期:2021-01-01 接受日期:2022-05-25 出版日期:2022-05-25 发布日期:2022-05-24
基金资助:
国家自然科学基金(61872252);国家重点研发计划项目（2018YFB0805005）;国网电商公司科技项目(2500/2020-72001B)

Realization of malicious code family classification based on semi-supervised generative adversarial network

WANG Dong1,2,YANG Ke1,2,XUAN Jia-xing1,2,HAN Yu-tong3,ZHAO Li-hua1,2,WANG Xu-ren4

(1.State Grid Electronic Commerce Co.,Ltd.(State Grid Xiong’an Financial Technology Group Co.,Ltd.),Beijing 100053;
2.Blockchain Technology Laboratory,State Grid Corporation of China,Beijing 100053;
3.Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;
4.College of Information Engineering,Capital Normal University,Beijing 100048,China)

Received:2020-09-21 Revised:2021-01-01 Accepted:2022-05-25 Online:2022-05-25 Published:2022-05-24

摘要/Abstract

摘要： 随着互联网的发展，恶意代码呈现海量化与多态化的趋势，恶意代码家族分类是网络空间安全面临的挑战之一。将半监督生成对抗网络与深度卷积学习网络相结合，构建半监督深度卷积生成对抗网络，提出了一种恶意代码家族分类模型，通过恶意代码家族特征分析，对恶意代码进行特征提取，转化为一维灰度图像；然后基于一维卷积神经网络1D-CNN，构建半监督生成对抗网络SGAN，形成恶意代码家族分类模型SGAN-CNN。从特征提取优化、半监督生成对抗训练算法优化等方面进行恶意代码家族分类能力提升。为了验证SGAN-CNN模型的分类效果，在Microsoft Malware Classification Challenge数据集上进行实验。5折交叉验证测试显示，本文提出的模型在样本标注标签占80%的情况下，分类的平均准确率达到98.81%；在样本标注标签仅有20%的情况下，分类的平均准确率达到98.01%，取得了较好的分类效果。在小样本数量情况下，也能取得不错的分类准确率。

关键词: 深度学习, 一维卷积神经网络, 半监督学习, 生成对抗网络, 恶意代码分类

Abstract: With the development of Internet, malicious code tend to be massive and polymorphic. The classification of malicious code family is one of the challenges of cyber security. Combining the semi supervised generation network with the deep convolutional neural network, a multi-family malicious code classification model is proposed. Taking the gray image of malicious codes as the feature, based on the efficient one-dimensional convolutional neural network (1D-CNN), using the semi-supervised generative adversarial network (SGAN), an efficient and accurate malicious code family classification model is constructed as SGAN-CNN, which can improve the malicious code classification ability from aspects of efficient feature extraction and SGAN optimization. In order to verify the classification ability of the model, experiments are carried out on the Microsoft malware classification challenge data set. 5-fold cross-validation shows that the proposed model achieves 98.81% of the average accuracy of the test set with 80% of the tag rate, 98.01% of the average accuracy of the test set with 20% of the tag rate, and achieves better experimental results. In the case of small samples, it can also achieve good classification accuracy.

Key words: deep learning, one-dimensional convolutional neural network, semi-supervised learning, generative adversarial network, malicious code classification

王栋, 杨珂, 玄佳兴, 韩雨桐, 赵丽花, 王旭仁. 基于半监督生成对抗网络的恶意代码家族分类实现[J]. 计算机工程与科学, 2022, 44(05): 826-833.

WANG Dong, YANG Ke, XUAN Jia-xing, HAN Yu-tong, ZHAO Li-hua, WANG Xu-ren. Realization of malicious code family classification based on semi-supervised generative adversarial network[J]. Computer Engineering & Science, 2022, 44(05): 826-833.

参考文献［13］

［1］	Nataraj L,Karthikeyan S,Jacob G,et al.Malware images:Visualization and automatic classification［C］∥Proc of the 8th International Symposium on Visualization for Cyber Security,2011:41-47.
［2］	Kancherla K,Mukkamala S.Image visualization based malware detection［C］∥Proc of IEEE Symposium on Computational Intelligence in Cyber Security(CICS),2013:40-44.
［3］	Ni S, Qian Q,Zhang R.Malware identification using visua- lization images and deep learning［J］.Computers & Security,2018,77:871-885.
［4］	Zhang Jing-lian,Peng Yan-bing.Research on malicious code classification based on feature fusion ［J］.Computer Engineering,2019,45(8):281-295.(in Chinese)
［5］	Sun Bo-wen, Zhang Peng,Cheng Ming-yu,et al.Malicious code detection method based on code image enhancement［J］.Journal of Tsinghua University(Natural Science Edition),2020,60(5):386-392.(in Chinese)
［6］	Pendlebury F,Pierazzi F,Jordaney R,et al.TESSERACT:Eliminating experimental bias in malware classification across space and time［C］∥Proc of the 28th USENIX Security Symposium,2019:729-746.
［7］	Homayoun S, Dehghantanha A, Ahmadzadeh M, et al.DRTHIS:Deep ransomware threat hunting and intelligence system at the fog layer［J］.Future Generation Computer Systems,2018,7:94-104.
［8］	Saxe J,Berlin K.Deep neural network based malware detection using two dimensional binary program features［C］∥Proc of the 10th International Conference on Malicious & Unwanted Software,2015:11-20.
［9］	Al-Dujaili A,Huang A,Hemberg E,et al.Adversarial deep learning for robust detection of binary encoded malware［C］∥Proc of 2018 IEEE Security and Privacy Workshops,2018:76-82.
［10］	Kim J Y,Bu S J,Cho S B.Zero-day malware detection using transferred generative adversarial networks based on deep autoencoders［J］.Information Sciences,2018,460-461:83-102.
［11］	Salimans T,Goodfellow I,Zaremba W,et al.Improved techniques for training GANs［C］∥Proc of the 30th International Conference on Neural Information Processing Systems,2016:2234-2242.
［12］	Cui Z, Xue F, Cai X, et al. Detection of malicious code variants based on deep learning ［J］. IEEE Transactions on Industrial Informatics, 2018, 14(7):3187-3196.
［13］	Wang Dong, Yang Ke, Xuan Jia-xing, et al. Research on multi classification method of malicious code family based on one dimension convolutional neural network［J］. Computer Applications and Software, 2021, 38(12):333-336. (in Chinese)
［14］	Antoniou A,Storkey A J,Edwards H.Data augmentation generative adversarial networks［C］∥Proc of the 6th International Conference on Learning Representations,2018:1-10.
［15］	Karras T,Laine S,Aila T.A style-based generator architecture for generative adversarial networks［C］∥Proc of IEEE/CVF Conference on Computer Vision and Pattern Recognition,2019:4396-4405.
［16］	Ledig C,Theis L,Huszar F,et al.Photo-realistic single image super-resolution using a generative adversarial network［C］∥Proc of the 27th IEEE Conference on Computer Vision and Pattern Recognition,2017:105-114.
［17］	Radford A,Metz L,Chintala S.Unsupervised representation learning with deep convolutional generative adversarial networks［J］.arXiv:1511.06434, 2015.
［18］	Simonyan K, Zisserman A.Very deep convolutional networks for large-scale image recognition［C］∥Proc of the 3rd International Conference on Learning Representations,2015:1-10.
［19］	Hinton G, Salakhutdinov R. Reducing the dimensionality of data with neural networks ［J］.Science,2006,313(5786):504-507.
［20］	Ronen R,Radu M,Feuerstein C,et al.Microsoft malware classification challenge ［J］.arXiv:1802.10135,2018.
［21］	Lee D-H. Pseudo-label:The simple and efficient semi- supervised learning method for deep neural networks［C］∥Proc of ICML 2013 Workshop:Challenges in Representation Learning,2013:1-6.
［22］	Rasmus A,Berglund M,Honkala M,et al.Semi-supervised learning with ladder networks［C］∥Proc of the 29th International Conference on Neural Information Processing Systems,2015:3546-3554.
	附中文参考文献：
［4］	张景莲,彭艳兵.基于特征融合的恶意代码分类研究［J］.计算机工程,2019,45(8):281-295.
［5］	孙博文,张鹏,成茗宇,等.基于代码图像增强的恶意代码检测方法［J］.清华大学学报(自然科学版),2020,60(5):386-392.
［13］	王栋, 杨珂, 玄佳兴, 等. 基于一维卷积神经网络的恶意代码家族多分类方法研究［J］. 计算机应用与软件, 2021, 38(12):333-336.

[1]	易啸, 马胜, 肖侬. 深度学习加速器在不同剪枝策略下的运行优化[J]. 计算机工程与科学, 2023, 45(07): 1141-1148.
[2]	康宇晗, 时洋, 陈照云, 文梅. 面向迈创+MatrixZone异构系统的深度学习编程框架[J]. 计算机工程与科学, 2023, 45(07): 1149-1158.
[3]	刘浩翰, 孙铖, 贺怀清, 惠康华. 基于改进YOLOv3的金属表面缺陷检测[J]. 计算机工程与科学, 2023, 45(07): 1226-1235.
[4]	马征, 褚钧正, 武鹏飞. 一种基于对抗学习的仿真遥感图像生成方法[J]. 计算机工程与科学, 2023, 45(03): 489-494.
[5]	孙琪, 翟锐, 左方, 张玉涛, . 基于部分卷积和多尺度特征融合的人脸图像修复模型[J]. 计算机工程与科学, 2023, 45(02): 304-312.
[6]	齐永锋, 裴晓旭, 吕雪超, 王静. 基于同步压缩和DCGAN的癫痫脑电信号检测方法[J]. 计算机工程与科学, 2022, 44(12): 2273-2280.
[7]	陈曦, 赵红东, 杨东旭, 徐柯南, 任星霖, 封慧杰. 基于线性注意力机制的单样本生成对抗网络研究[J]. 计算机工程与科学, 2022, 44(11): 2056-2063.
[8]	车生兵, 张光琳. 基于深度学习的Webshell检测[J]. 计算机工程与科学, 2022, 44(06): 994-1002.
[9]	王霞, 徐慧英, 朱信忠. 一种基于谱归一化的两阶段堆叠结构生成对抗网络的文本生成图像模型[J]. 计算机工程与科学, 2022, 44(06): 1083-1089.
[10]	谭红臣, 黄世华, 肖贺文, 于冰冰, 刘秀平. 判别增强的生成对抗模型在文本至图像生成中的研究与应用[J]. 计算机工程与科学, 2022, 44(05): 855-861.
[11]	李利荣, 王子炎, 张开, 杨荻椿, 熊炜, 巩朋成, . 基于OSE-dResnet网络的列车底部零件检测算法[J]. 计算机工程与科学, 2022, 44(04): 692-698.
[12]	崔克彬, 潘锋. 用于绝缘子故障检测的CycleGAN小样本库扩增方法研究[J]. 计算机工程与科学, 2022, 44(03): 509-515.
[13]	卜冠华, 周礼亮, 李昊, 张敏 . 基于深度学习的GPS轨迹去匿名研究[J]. 计算机工程与科学, 2022, 44(02): 244-250.
[14]	李方, 吴国栋, 涂立静, 刘玉良, 查志康, 李景霞. 图自编码器推荐研究综述[J]. 计算机工程与科学, 2022, 44(02): 335-344.
[15]	王保成, 刘利军, 黄青松, . 基于LDA和卷积神经网络的半监督图像标注方法[J]. 计算机工程与科学, 2022, 44(01): 110-117.

基于半监督生成对抗网络的恶意代码家族分类实现

Realization of malicious code family classification based on semi-supervised generative adversarial network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献［13］

相关文章 15

编辑推荐

Metrics

本文评价

基于半监督生成对抗网络的恶意代码家族分类实现

Realization of malicious code family classification based on semi-supervised generative adversarial network

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献 ［13］

相关文章 15

编辑推荐

Metrics

本文评价

参考文献［13］