基于HMM-LSTM的恶意软件行为检测方法
Journal: Advances in Computer and Autonomous Intelligence Research DOI: 10.12238/acair.v3i3.15566
Abstract
本文提出一种基于系统调用信息的恶意软件行为检测方法,融合HMM与LSTM算法优势:利用HMM挖掘软件行为上下文依赖关系,拆分系统调用序列以解决定长截取导致的上下文信息缺失问题;借鉴LSTM情感分析思路,在LSTM中引入注意力机制强化局部特征提取,提升恶意行为预测准确率。此外,通过多批次训练动态构建阈值,基于不同训练集ROC曲线确定批次最优阈值,结合方差分析优化全局阈值,有效拓展模型适用范围并提高检测精度。
Keywords
软件行为;隐马尔可夫模型;长短期记忆网络;网络安全
Full Text
PDF - Viewed/Downloaded: 0 TimesReferences
[1] Idika N,Mathur A P.A survey of malware detection techn iques[J].Purdue University,2007,48:2007-2.
[2] 陶芬,尹芷仪,傅建明.基于系统调用的软件行为模型[J].计算机科学,2010,37(4):151-157.
[3] 杨宇,张健.程序静态分析技术与工具[J].计算机科学,2004,(02):171-174.
[4] 蒋炎岩,许畅,马晓星,等.获取访存依赖:并发程序动态分析基础技术综述[J].软件学报,2017,28(4):745-763.
[5] Canfora G,Medvet E,Mercaldo F,et al.Detecting android malware using sequences of system calls[C]//Proceedings of the 3rd International Workshop on Software Development Lifec ycle for Mobile.2015:13-20.
[6] Ferrante A, Medvet E,Mercaldo F,et al.Spotting the mali cious moment:Characterizing malware behavior using dynamic features[C]//2016 11th International Conference on Availabil ity,Reliability and Security (ARES).IEEE,2016:372-381.
[7] 刘宇.基于深度学习的大词汇量连续语音识别的研究[D].重庆邮电大学,2018.
[8] Sherstinsky A.Fundamentals of recurrent neural netwo rk(RNN) and long short-term memory (LSTM) network[J].Physica D:Nonlinear Phenomena,2020,404:132306.
[9] Gronát P,Aldana-Iuit J A,Bálek M.MaxNet:Neural netwo rk architecture for continuous detection of malicious activi ty[C]//2019 IEEE Security and Privacy Workshops (SPW).IEEE,2019:28-35.
[2] 陶芬,尹芷仪,傅建明.基于系统调用的软件行为模型[J].计算机科学,2010,37(4):151-157.
[3] 杨宇,张健.程序静态分析技术与工具[J].计算机科学,2004,(02):171-174.
[4] 蒋炎岩,许畅,马晓星,等.获取访存依赖:并发程序动态分析基础技术综述[J].软件学报,2017,28(4):745-763.
[5] Canfora G,Medvet E,Mercaldo F,et al.Detecting android malware using sequences of system calls[C]//Proceedings of the 3rd International Workshop on Software Development Lifec ycle for Mobile.2015:13-20.
[6] Ferrante A, Medvet E,Mercaldo F,et al.Spotting the mali cious moment:Characterizing malware behavior using dynamic features[C]//2016 11th International Conference on Availabil ity,Reliability and Security (ARES).IEEE,2016:372-381.
[7] 刘宇.基于深度学习的大词汇量连续语音识别的研究[D].重庆邮电大学,2018.
[8] Sherstinsky A.Fundamentals of recurrent neural netwo rk(RNN) and long short-term memory (LSTM) network[J].Physica D:Nonlinear Phenomena,2020,404:132306.
[9] Gronát P,Aldana-Iuit J A,Bálek M.MaxNet:Neural netwo rk architecture for continuous detection of malicious activi ty[C]//2019 IEEE Security and Privacy Workshops (SPW).IEEE,2019:28-35.
Copyright © 2025 侯梦迪, 黄家广, 黄剑波
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License