Computer science
Malware
Artificial intelligence
Learning vector quantization
Machine learning
Support vector machine
Deep learning
Sequence (biology)
Artificial neural network
Data mining
Pattern recognition (psychology)
Computer security
Biology
Genetics
Authors
Weina Niu,Zhou Jie,Yang Zhao,Xiaosong Zhang,Yujie Peng,Cheng Huang
Identifier
DOI:10.1016/j.cose.2022.102809
Abstract
Traditional malware detection methods based on static traffic characteristics and machine learning struggle to cope with the growing number of APT malware variants. To alleviate this problem, this paper proposes a deep-learning-based malware classification approach that combines time-sequence features with association-rule features. The method uses two improved LSTM network structures, named RESNET_LSTM and PARALLEL_LSTM, to extract time-sequence features from the traffic of different protocols. It also applies association analysis to generate quantitative rule features. Finally, the time-sequence feature vector and the quantized rule vector are concatenated and fed to deep learning models to detect malware traffic. We evaluated the approach on a dataset consisting of malicious traffic generated by 57 malware families and normal traffic. The experimental results show that the training loss of the PARALLEL_LSTM structure decreases faster than that of the plain LSTM and RESNET_LSTM structures. With the RESNET_LSTM structure, prediction accuracy is close to 100%, slightly higher than the other two structures. All detection methods proposed in this paper reach accuracy above 96%, whereas malware detection methods combining static traffic characteristics with machine learning reach about 85%.
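The abstract describes two feature streams that are concatenated before classification: a time-sequence vector from an LSTM branch and a vector of quantized association rules. The following is an added illustration of the second stream and of the fusion step; it is not the paper's code. It mines rules over per-flow attribute sets with a minimal Apriori, turns the mined rules into a per-flow numeric vector, and appends that vector to a stand-in sequence vector. The flow records, the attribute names, the 3-dimensional "sequence" vectors, the support and confidence thresholds, and the choice to quantize a matched rule by its confidence are all assumptions of this example.

```python
"""Association-rule features for network flows, fused with a sequence vector.

Added illustration, not the paper's code: a minimal Apriori over per-flow
attribute sets, a "quantitative rule" vector built from the mined rules,
and concatenation with a (stand-in) sequence feature vector.
"""
from itertools import combinations
from typing import Dict, FrozenSet, List, Sequence, Tuple

Itemset = FrozenSet[str]
Rule = Tuple[Itemset, Itemset, float]  # (antecedent, consequent, confidence)

# Constructed flow records (not real captures): each flow is reduced to the
# set of categorical attributes observed on it.
FLOWS: List[Itemset] = [
    frozenset({"proto=tls", "dport=443", "sni_missing", "periodic_beacon"}),
    frozenset({"proto=tls", "dport=443", "sni_missing", "periodic_beacon", "selfsigned_cert"}),
    frozenset({"proto=tls", "dport=8443", "sni_missing", "periodic_beacon"}),
    frozenset({"proto=dns", "dport=53", "long_qname", "periodic_beacon"}),
    frozenset({"proto=dns", "dport=53", "long_qname"}),
    frozenset({"proto=tls", "dport=443", "sni_present"}),
    frozenset({"proto=http", "dport=80", "ua_browser"}),
    frozenset({"proto=tls", "dport=443", "sni_present", "ua_browser"}),
]

# Stand-in for the per-flow time-sequence vector an LSTM branch would emit
# (assumed 3-dimensional here; the values are made up).
SEQ_VECS: List[List[float]] = [
    [0.9, 0.1, 0.7], [0.8, 0.2, 0.6], [0.9, 0.1, 0.8], [0.4, 0.7, 0.5],
    [0.3, 0.6, 0.1], [0.1, 0.2, 0.1], [0.1, 0.1, 0.2], [0.2, 0.2, 0.1],
]


def apriori(transactions: Sequence[Itemset], min_support: float) -> Dict[Itemset, float]:
    """Return every itemset with support >= min_support, mapped to its support."""
    n = len(transactions)

    def support(items: Itemset) -> float:
        return sum(1 for t in transactions if items <= t) / n

    singles = {i for t in transactions for i in t}
    current = {frozenset([i]) for i in singles if support(frozenset([i])) >= min_support}
    frequent: Dict[Itemset, float] = {}
    k = 1
    while current:
        for s in current:
            frequent[s] = support(s)
        # Candidate (k+1)-itemsets: unions of two frequent k-itemsets, kept only
        # if every k-subset is itself frequent (the Apriori pruning step).
        ordered = sorted(current, key=lambda s: tuple(sorted(s)))
        candidates = set()
        for a, b in combinations(ordered, 2):
            union = a | b
            if len(union) == k + 1 and all(frozenset(sub) in current for sub in combinations(union, k)):
                candidates.add(union)
        current = {c for c in candidates if support(c) >= min_support}
        k += 1
    return frequent


def mine_rules(frequent: Dict[Itemset, float], min_confidence: float) -> List[Rule]:
    """Split each frequent itemset into antecedent -> consequent, keeping confident rules."""
    rules: List[Rule] = []
    for itemset, sup in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante_set = frozenset(ante)
                conf = sup / frequent[ante_set]  # every subset of a frequent set is frequent
                if conf >= min_confidence:
                    rules.append((ante_set, itemset - ante_set, conf))
    rules.sort(key=lambda rl: (-rl[2], tuple(sorted(rl[0])), tuple(sorted(rl[1]))))
    return rules


def rule_features(flow: Itemset, rules: Sequence[Rule]) -> List[float]:
    """One slot per rule: the rule's confidence if the flow matches it fully, else 0.

    Quantizing a match by confidence (rather than a 0/1 hit) is an assumption
    of this example; the paper's abstract does not spell out its quantization.
    """
    return [conf if (ante | cons) <= flow else 0.0 for ante, cons, conf in rules]


def fused_vector(seq_vec: Sequence[float], flow: Itemset, rules: Sequence[Rule]) -> List[float]:
    """Concatenate the sequence-branch output with the rule vector (classifier input)."""
    return list(seq_vec) + rule_features(flow, rules)


FREQUENT = apriori(FLOWS, min_support=0.25)      # itemset seen in >= 2 of the 8 flows
RULES = mine_rules(FREQUENT, min_confidence=0.8)
FEATURES = [fused_vector(v, f, RULES) for v, f in zip(SEQ_VECS, FLOWS)]

if __name__ == "__main__":
    for ante, cons, conf in RULES:
        print(f"{sorted(ante)} -> {sorted(cons)}  conf={conf:.2f}")
    print("fused vector length:", len(FEATURES[0]))
```

With these thresholds the rule `sni_missing -> periodic_beacon` is mined with confidence 1.0 while the reverse direction (confidence 0.75) is dropped, so the rule slots are directional; the fused vector has the sequence dimensions first and one slot per mined rule after them, which is the layout a downstream classifier would be trained on.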