Visual malware detection method based on collaborative learning

A malware detection technology, applied in the field of cyberspace security, that addresses the high cost of analysis, the lack of labels on software samples, and unlabeled samples being left idle, thereby easing the difficulty of collecting labeled samples and reducing dependence on manual labeling.

Active Publication Date: 2021-09-17
四川阁侯科技有限公司

AI Technical Summary

Problems solved by technology

[0003] In traditional detection methods, captured malware must first be analyzed manually with tools such as disassemblers, virtual machines, and sandboxes. As a result, the identification of malware often lags behind its spread.
At the same time, in real detection scenarios it is very difficult to obtain labeled malicious samples, because deriving the signatures of malicious samples requires a great deal of manual decoding and analysis.
Meanwhile, a large number of unlabeled software samples cannot be used when training traditional malware detection models, because they lack labels.
[0004] Traditional malware detection methods require a great deal of manual decoding and analysis to extract features from malicious samples and to label them.
The cost of manually analyzing malicious samples is too high, which makes labeled malicious samples difficult to obtain, while a large number of unlabeled malicious samples cannot be used in training the detection model and are left idle.

Examples


Embodiment

[0063] As shown in Figure 1, a visual malware detection method based on collaborative learning includes two processes: initialization and collaborative training. The initialization process includes: 1. software visualization; 2. feature extraction. The collaborative training process includes: 3. collaborative labeling of new samples by multiple classifiers; 4. effectiveness evaluation of the newly labeled samples.

[0064] Next, this embodiment is described in detail:

[0065] (1) Software visualization: After obtaining the software's binary files, first read each file to obtain its corresponding binary string, where each character read from the binary file is represented as an 8-bit unsigned value. The binary strings are then arranged into a two-dimensional matrix; the values in the matrix are converted into pixel values, and the pixels are assembled into a grayscale image whose shades run from black to white. T...


Abstract

The invention discloses a collaborative learning-based visual malware detection method comprising an initialization process and a collaborative training process. The initialization process specifically includes: (1) software visualization; (2) feature extraction. The collaborative training process specifically includes: (3) collaborative training of multiple classifiers and labeling of new samples; (4) a voting detection process. The invention can build a model from the features of a small number of labeled software samples and continuously optimize the model's detection performance using a large number of unlabeled samples, giving the malware detection model the ability to learn and adapt on its own. This reduces the dependence on manual labeling of software samples and addresses the problem that labeled samples are difficult to collect in malware detection, which makes machine learning-based malware classification models hard to train effectively.

Description

Technical field

[0001] The invention relates to the technical field of cyberspace security, in particular to a collaborative learning-based visual malware detection method.

Background

[0002] Malware is a serious security threat facing cyberspace today; it is generated quickly, spreads widely, and is highly infectious. Malware includes Trojan horses, viruses, worms, and malicious backdoors. Researchers have studied malware detection in depth since the 1990s. Existing malware detection methods include static and dynamic detection. Widely used detection methods currently include signature-based detection, behavior-based detection, and heuristic scanning.

[0003] In traditional detection methods, before analyzing the captured malware, it is necessary to manually use tools such as disassembly software, virtual machines, and sandboxes to analyze the malware, resulting in the identification o...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F8/53, G06K9/46, G06K9/62, G06N20/00
CPC: G06F21/562, G06F8/53, G06N20/00, G06V10/40, G06F18/214, G06F18/24
Inventor: 陈文黄登高覃
Owner: 四川阁侯科技有限公司