• Journal of the China Computer Federation (CCF)
  • China Science and Technology Core Journal
  • Chinese Core Journal

Computer Engineering & Science (计算机工程与科学) ›› 2025, Vol. 47 ›› Issue (7): 1215-1225.

• Computer Networks and Information Security •

A Generative Adversarial Network-Based Method for Tracing Malicious Code Variant Families

李莉,张晴,孔悠然,苏仁嘉,赵鑫   

  1. (College of Computer and Control Engineering, Northeast Forestry University, Harbin 150040, Heilongjiang, China)

  • Received: 2024-01-15 Revised: 2024-04-21 Online: 2025-07-25 Published: 2025-08-25
  • Funding:
    Key Research and Development Program of Heilongjiang Province (2022ZX01A30)

A malicious code variant family tracing method based on generative adversarial network

LI Li,ZHANG Qing,KONG Youran,SU Renjia,ZHAO Xin   

  1. (College of Computer and Control Engineering,Northeast Forestry University,Harbin 150040,China)
  • Received:2024-01-15 Revised:2024-04-21 Online:2025-07-25 Published:2025-08-25

Abstract: To address the rapid mutation of malicious code and the difficulty of tracing its origin, this paper proposes a classification method that strengthens a model's family-tracing ability by constructing a malicious code variant dataset. The method visualizes malicious code as images and classifies it with an improved generative adversarial network: Ghost modules and Dropout layers regulate the adversarial balance between the generator and the discriminator, an efficient channel attention mechanism helps the model focus on important features, and a structure combining convolution with upsampling prevents checkerboard artifacts in the generated images. In the test phase, a malicious code variant dataset and datasets with different class features are used to verify the model's ability to trace variants to their families. The model built with the proposed method has stronger feature extraction ability, lower resource consumption and faster inference; it meets the strong anti-obfuscation and high generalization requirements that today's rapidly changing malicious code places on classification models, and it is easy to deploy on mobile and embedded devices to provide real-time detection of malicious code.

Keywords: malicious code variant tracing, generative adversarial network, attention mechanism, code visualization, feature texture

Abstract: Aiming at the issues of rapid mutation and difficult traceability of malicious code, this paper proposes a classification method that enhances familial traceability by creating a dataset of malicious code variants. The method visualizes malicious code, employs an improved generative adversarial network (GAN) for classification, and utilizes Ghost modules and Dropout layers to balance the adversarial capabilities of the generator and discriminator. An efficient channel attention mechanism is introduced to help the model focus on critical features, while a combined structure of convolution and upsampling avoids checkerboard artifacts in generated images. During testing, the model's familial traceability for malicious code variants is validated using both a malicious code variant dataset and datasets with distinct categorical features. The proposed method achieves stronger feature extraction, lower resource consumption, and faster inference speed, meeting the demands of modern rapidly evolving malicious code for anti-obfuscation capability and high generalization. Additionally, it is suitable for deployment on mobile and embedded devices, ensuring real-time detection of malicious code.

Key words: malicious code variant tracing, generative adversarial network, attention mechanism, code visualization, feature texture