Netinfo Security ›› 2023, Vol. 23 ›› Issue (12): 29-37.doi: 10.3969/j.issn.1671-1122.2023.12.004

Previous Articles     Next Articles

A Malicious Code Recognition Model Fusing Image Spatial Feature Attention Mechanism

LIU Jun1, WU Zhichao2, WU Jian1, TAN Zhenhua1,2()   

  1. 1. Networking Center, Northeastern University, Shenyang, 110819, China
    2. Software College of Northeastern University, Shenyang,110819, China
  • Received:2023-09-16 Online:2023-12-10 Published:2023-12-13

Abstract:

When converted into images, malicious software exhibits two prominent characteristics. Firstly, during the visualization process, black pixels are typically added to pad the end of the file, creating a distinct separation in the image between significant features (code part) and non-significant features (filled part). Secondly, there is a semantic feature correlation among code segments that is preserved in sequential pixel conversion. While existing models for malicious code detection have achieved reasonably good recognition results to some extent, they have not been specifically designed to leverage the unique traits of malicious code. Consequently, their capability to extract deep-level features from malicious images has been relatively weak and often requires complex model architectures. Therefore, this paper proposed a novel model for detecting malicious code that addressed two key characteristics of malicious images. Firstly by transforming original malicious code into images and applying preprocessing techniques. Secondly by utilizing an FA-SA module for extracting key features along with two FA-SeA modules for capturing pixel-wise correlations. This model not only simplifies the architecture but also enhances its capability for deep-level feature extraction thereby improving detection accuracy. On the Malimg dataset, our model achieves an accuracy of 96.38%, representing a 3.56% improvement compared to previous CNN-based models. Experimental results highlight the effectiveness of designing network models based on the characteristics of malicious images with significant contributions from our proposed fusion attention module towards enhancing recognition performance.

Key words: deep learning, malicious code recognition, malicious image, attention

CLC Number: