Malicious software image format detection model-oriented black box attack defense method and device thereof

Malicious software and detection model technology, applied in neural learning methods, computer security devices, biological neural network models, etc. It addresses problems such as manual work that is error-prone, time-consuming and labor-intensive, and detection technology whose generalization performance is not high enough, achieving good applicability and accuracy, a good detection effect, and the effect of defending against black box attacks.

Active Publication Date: 2020-02-21
ZHEJIANG UNIV OF TECH

AI Technical Summary

Problems solved by technology

Identifying malicious properties by matching specific character strings in software binary code solves the detection problem to a certain extent, but it requires domain experts to manually create, update, and upload these strings, which is time-consuming, laborious, and error-prone. A method from Beijing Wuzi University first extracts the static features and dynamic features of each software sample from a collection of samples of known software types, then combines the extracted static and dynamic features of each sample into a mixed feature data set. Using principal component analysis and a feature-weight selection method, it reduces the feature dimension and removes redundant features to obtain an optimized mixed feature data set. It then trains a support vector machine model on the features in the optimized set to form a classification detection model, and finally uses that model to detect the software under test. However, the generalization performance of detection technology based on the support vector machine model and other machine learning is still not high enough, and once the manually extracted features to be analyzed are discovered by the attacker, the sample can be easily modified to escape detection.

Examples


Embodiment Construction

[0043] The present invention will be further described below in conjunction with the accompanying drawings.

[0044] In the first aspect, the embodiment of the present invention provides a black-box attack defense method for a malware image format detection model (see figure 1), including the following steps:

[0045] 1) Obtain the data set and divide it into a training set and a test set. This specifically includes:

[0046] 1.1) Collect sample data sets of various malware families, and save the data in the assembly language file type with the suffix ".asm";

[0047] 1.2) Considering the difference in the number of samples in each category, and for the convenience of subsequent work, the data set of each category is divided into about 80% training set and about 20% test set;

[0048] 2) Convert to a malware image format, specifically including:

[0049] 2.1) For the assembly language file with the ".asm" suffix in step 1.1), each character of...
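The per-category split of step 1.2), sketched as an added example (not code from the patent). The function names, family labels and file names are assumptions made up for illustration; the split is done family by family so that small families keep the same ratio and still appear in the test set.

```python
import random
from collections import defaultdict
from pathlib import PurePosixPath


def split_by_family(samples, train_frac=0.8, seed=0):
    """Split (path, family) pairs into train/test lists, family by family.

    Splitting each family separately keeps the ~80/20 ratio inside every
    class, so a rare family is not left out of the test set by chance.
    """
    by_family = defaultdict(list)
    for path, family in samples:
        # Step 1.1 stores samples as assembly listings; skip anything else.
        if PurePosixPath(path).suffix.lower() != ".asm":
            continue
        by_family[family].append(path)

    rng = random.Random(seed)  # fixed seed so the split is reproducible
    train, test = [], []
    for family in sorted(by_family):
        # De-duplicate so one file can never land on both sides of the split.
        paths = sorted(set(by_family[family]))
        rng.shuffle(paths)
        n_train = round(len(paths) * train_frac)
        # Families with 2+ samples always keep at least one on each side.
        if len(paths) >= 2:
            n_train = min(max(n_train, 1), len(paths) - 1)
        train += [(p, family) for p in paths[:n_train]]
        test += [(p, family) for p in paths[n_train:]]
    return train, test


def family_counts(pairs):
    """Count samples per family in a list of (path, family) pairs."""
    counts = defaultdict(int)
    for _, family in pairs:
        counts[family] += 1
    return dict(counts)


# Constructed inventory: family names and file names are made up.
SAMPLES = (
    [(f"famA/{i:03d}.asm", "famA") for i in range(50)]
    + [(f"famB/{i:03d}.asm", "famB") for i in range(7)]
    + [(f"famC/{i:03d}.asm", "famC") for i in range(2)]
    + [("famA/readme.txt", "famA")]
)

if __name__ == "__main__":
    train_set, test_set = split_by_family(SAMPLES)
    print(family_counts(train_set), family_counts(test_set))
```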


Abstract

A malicious software image format detection model-oriented black box attack defense method comprises the steps of: 1) obtaining a data set, and dividing the data set into a training set and a test set; 2) converting into a malicious software image format; 3) constructing a black box attack model for generating disturbance based on a deep convolutional generative adversarial network (DCGAN), wherein the structure of the black box attack model is divided into two parts, namely a generator and a discriminator; 4) through the continuous confrontation process between the generator and the discriminator constructed in step 3), the generator finally generating an adversarial sample capable of simulating the sample B; 5) optimizing retraining of the malicious software assembly format detection model by using the adversarial sample obtained in step 4) to obtain a malicious software detection model capable of defending against the adversarial attack; and 6) identifying the malicious software by utilizing the malicious software detection model capable of defending against the attack. The invention further comprises a device for implementing the malicious software image format detection model-oriented black box attack defense method.

Description

Technical field

[0001] The invention relates to a black box attack defense method and a device thereof for a malicious software image format detection model.

Background technique

[0002] With the rapid development of computers and the Internet, communication between people has become more and more convenient, and network information exchange and intelligent applications play a vital role in people's daily life. According to statistics, as of June 2016, the number of people using the Internet in the world has reached more than 3.6 billion, accounting for more than half of users for the first time. At the same time, the development of the network is also accompanied by many network security problems, and malicious software is one of the important influencing factors. Malware (Malicious Software, Malware) refers to a software program that purposely enables attackers to damage computers, servers, clients, or computer networks. Representative types of malicious software includ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/562, G06F2221/033, G06N3/08, G06N3/045, G06F18/241
Inventor: 陈晋音, 袁俊坤, 邹健飞
Owner: ZHEJIANG UNIV OF TECH