Netinfo Security ›› 2021, Vol. 21 ›› Issue (10): 90-95. doi: 10.3969/j.issn.1671-1122.2021.10.013

• Selected Papers •

Malicious Code Detection Based on Image Feature Fusion

TAN Ruhan1,2, ZUO Liming1,2, LIU Ergen1, GUO Li1,2

  1. School of Science, East China Jiaotong University, Nanchang 330013, China
  2. SEC Institute, East China Jiaotong University, Nanchang 330013, China
  • Received: 2021-06-15 Online: 2021-10-10 Published: 2021-10-14
  • Contact: TAN Ruhan E-mail: 1018647895@qq.com
  • About the authors: TAN Ruhan (1997—), female, Jiangxi, master's student, main research interest: information security | ZUO Liming (1981—), male, Jiangxi, associate professor, master's degree, main research interest: information security | LIU Ergen (1965—), male, Jiangxi, professor, master's degree, main research interest: graph theory | GUO Li (1996—), female, Jiangxi, master's student, main research interest: information security
  • Supported by:
    Science and Technology Research Project of the Jiangxi Provincial Department of Education (GJJ200626)

Abstract:

As malicious code obfuscation techniques continue to advance, traditional detection methods can no longer meet security requirements. This paper proposes a malicious code detection method based on image feature fusion. Weighted HOG features are used to extract local texture features from malicious code converted by the B2M algorithm, with different weights assigned according to how strongly different paragraph positions of the malicious code influence classification. At the same time, Dense SIFT is used to extract global texture structure features. Fusing the local texture features with the global texture structure features reflects the detailed characteristics of the malicious code without neglecting its overall structure. An SVM is used to classify the extracted features. The experimental results show that the fused features perform better than a single feature.

Key words: weighted-HOG, Dense SIFT features, feature fusion, SVM

CLC Number: