
Homology analysis of malware based on ensemble learning and multifeatures.

Affiliation

College of Computer Science and Technology, Harbin Engineering University, Harbin, Heilongjiang, China.

Publication

PLoS One. 2019 Aug 26;14(8):e0211373. doi: 10.1371/journal.pone.0211373. eCollection 2019.

DOI:10.1371/journal.pone.0211373
PMID:31449533
Original link: https://pmc.ncbi.nlm.nih.gov/articles/PMC6709908/
Abstract

With the exponential increase in malware, homology analysis has become a hot research topic in the malware detection field. This paper proposes MHAS, a malware homology analysis system based on ensemble learning and multifeatures. MHAS generates grayscale images from malware binary files and then uses the disassembler IDA Pro to extract opcode sequences and system call graphs. From these, RGB images and M-images are generated on the image matrix. MHAS then uses convolutional neural networks (CNNs) as base learners to perform bagging ensemble learning, learning features from the grayscale images, RGB images and M-images. Next, MHAS integrates the nine base learners using voting, learning and selective ensemble (in that order) and maps the integration results to the result matrix. Finally, the result matrix is integrated once more using the learning method to obtain the final malware classification result. To verify the accuracy of MHAS, we performed a malware family classification experiment that included samples of 10 malware families. The results showed that MHAS can reach an accuracy rate of 99.17%, meaning that it can effectively analyze and identify malware families.


Similar articles

1. Homology analysis of malware based on ensemble learning and multifeatures.
   PLoS One. 2019 Aug 26;14(8):e0211373. doi: 10.1371/journal.pone.0211373. eCollection 2019.
2. Malware analysis using visualized image matrices.
   ScientificWorldJournal. 2014;2014:132713. doi: 10.1155/2014/132713. Epub 2014 Jul 16.
3. Malware homology determination using visualized images and feature fusion.
   PeerJ Comput Sci. 2021 Apr 15;7:e494. doi: 10.7717/peerj-cs.494. eCollection 2021.
4. Digital Forensics for Malware Classification: An Approach for Binary Code to Pixel Vector Transition.
   Comput Intell Neurosci. 2022 Apr 21;2022:6294058. doi: 10.1155/2022/6294058. eCollection 2022.
5. Malicious Code Variant Identification Based on Multiscale Feature Fusion CNNs.
   Comput Intell Neurosci. 2021 Dec 14;2021:1070586. doi: 10.1155/2021/1070586. eCollection 2021.
6. Efficient Windows malware identification and classification scheme for plant protection information systems.
   Front Plant Sci. 2023 Feb 15;14:1123696. doi: 10.3389/fpls.2023.1123696. eCollection 2023.
7. OpCode-Level Function Call Graph Based Android Malware Classification Using Deep Learning.
   Sensors (Basel). 2020 Jun 29;20(13):3645. doi: 10.3390/s20133645.
8. Deep Feature Extraction and Classification of Android Malware Images.
   Sensors (Basel). 2020 Dec 8;20(24):7013. doi: 10.3390/s20247013.
9. A Novel Detection and Multi-Classification Approach for IoT-Malware Using Random Forest Voting of Fine-Tuning Convolutional Neural Networks.
   Sensors (Basel). 2022 Jun 6;22(11):4302. doi: 10.3390/s22114302.
10. Zero-Day Malware Detection and Effective Malware Analysis Using Shapley Ensemble Boosting and Bagging Approach.
    Sensors (Basel). 2022 Apr 6;22(7):2798. doi: 10.3390/s22072798.

Cited by

1. Attribution classification method of APT malware based on multi-feature fusion.
   PLoS One. 2024 Jun 27;19(6):e0304066. doi: 10.1371/journal.pone.0304066. eCollection 2024.
2. DeepDetectNet vs RLAttackNet: An adversarial method to improve deep learning-based static malware detection model.
   PLoS One. 2020 Apr 23;15(4):e0231626. doi: 10.1371/journal.pone.0231626. eCollection 2020.
3. Correction: Homology analysis of malware based on ensemble learning and multifeatures.
   PLoS One. 2019 Oct 3;14(10):e0223679. doi: 10.1371/journal.pone.0223679. eCollection 2019.