本文提出了一种结合Transformer和LSTM结构的动态分析混合模型T-BiLSTM,用于解决传统静态分析方法在检测恶意软件时缺乏软件运行时信息的问题。实验表明,该模型通过分析动态恶意软件API调用序列,提高了检测性能,在八类别数据集上达到88.69%的准确性,优于现有方法和单纯的LSTM模型。
A dynamic malware detection mothod based on Transformer and LSTM
GUAN Yichen
1
管怡晨(1996-),女,硕士研究生在读,主要研究方向:恶意软件检测
YANG Tan
1
杨谈(1982-),女,副教授、硕导,主要研究方向:网络测量与性能分析、社会网络分析、移动互联网
1、School of Computer Science, University of Posts and Telecommunications, Beijing 100876
Abstract:With the rapid development of the Internet, the continuous growth of malwares and their variants have brought great challenges to the information security of computer users. In order to solve the problem that traditional malware detection highly relies on professional knowledge and the malware detection method based on static analysis is lack of software dynamic runtime information, this paper proposes a dynamic analysis-based hybrid model T-BiLSTM that combines the structure of the Transformer and long-term memory network(LSTM).The T-BiLSTM model makes use of both the advantages fromthe Transformer and LSTM during the process of analysing dynamic malware API call sequences. Experiments have shown that the de-duplication of the malware API call sequence improves the model performance. The T-BiLSTM model achieves an accuracy of 88.69% on the eight-category dataset. Not only does the performance of the model better than the existing method, but alse surpasses the naive LSTM model.
扫一扫
819
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
