Application Research of Computers (《计算机应用研究》)

Static detection of malware in container based on LSTM-CNN

Authors: Jin Yiling, Chen Xingshu, Wang Yulong
Affiliation: a. College of Cybersecurity; b. Research Institute of Cybersecurity, Sichuan University, Chengdu 610065
Article number: 1001-3695(2020)12-036-3704-04
DOI 10.19734/j.issn.1001-3695.2019.08.0565
Abstract: To address the limited research on, and low detection rate of, malware detection in container environments, this paper proposes a static detection method for malware inside containers based on LSTM-CNN. The method detects malware before it runs, blocking its attack behavior at the source and reducing the performance overhead that detection imposes on the running container. It retrieves the software under test from the container in an agentless manner, extracts the program's API call sequence as behavior data, vectorizes the API call sequence with a word2vec model, and uses LSTM and CNN respectively to extract semantic information and multi-dimensional local features for malware detection. The method was implemented in a container environment and evaluated on the public VirusShare dataset; the results show a detection rate of 99.76% with a false positive rate below 1%, outperforming other comparable methods.
Keywords: container; convolutional neural network; deep learning; long short-term memory; malware detection
Funding: National Natural Science Foundation of China Youth Science Fund (61802270, 61802271); Sichuan Province Key Research and Development Program (2018G20100); Sichuan Province Science and Technology Support Program (2016GZ0038)
Article URL: http://www.arocmag.com/article/01-2020-12-036.html
English title: Static detection of malware in container based on LSTM-CNN
Authors (English): Jin Yiling, Chen Xingshu, Wang Yulong
Affiliation (English): a. College of Cybersecurity; b. Research Institute of Cybersecurity, Sichuan University, Chengdu 610065, China
English abstract: To address the limited research and low detection rate of malware detection in current container environments, this paper proposes a static detection method for malware in containers based on LSTM-CNN. The method detects malware before it runs, blocks its attack behavior at the source, and reduces the performance loss that the detection process imposes on container operation. It obtains the software to be tested from the container without an agent, extracts API (application programming interface) call sequences as program behavior data, vectorizes the API call sequences with a word2vec model, and extracts semantic information and multi-dimensional local features with LSTM and CNN respectively to detect malware. The method was implemented in a container environment and tested on the open dataset VirusShare; the results show that it achieves a detection rate of 99.76% with a false alarm rate below 1%, which is superior to other similar methods.
English keywords: container; CNN (convolutional neural network); deep learning; LSTM (long short-term memory); malware detection
Received: 2019/8/11
Revised: 2019/9/30
Pages: 3704-3707, 3711
CLC number: TP309
Document code: A