Malicious code classification method based on deep residual network and mixed attention mechanism

Abstract

The invention discloses a malicious code classification method based on a deep residual network and a mixed attention mechanism. According to the method, the malicious code is visualized into an RGBA image, and the information entropy of the code is not additionally calculated, so that the defects that the malicious code image information source is single, the image feature is not obvious and the calculation amount is too large are overcome; meanwhile, a deep residual network and an attention mechanism are combined to construct a malicious code classification model, the deep residual network improves the classification precision, and meanwhile, the gradient disappearance problem is relieved through short circuit connection, so that model convergence is accelerated, and the discrimination ability of the model is improved; and a mixed attention mechanism is adopted behind each residual unit, so that more critical deep features are extracted from two dimensions of channels and spaces, and the malicious code classification accuracy is further improved.

Description

technical field [0001] The invention belongs to the technical field of software security and deep learning, and in particular relates to a malicious code classification method based on a deep residual network and a mixed attention mechanism. Background technique [0002] In recent years, with the rapid development of information technology, the exponential growth of malicious codes has become a major threat to information security, and the research on malicious code detection and classification is becoming increasingly important. Traditional malicious code detection and classification methods mainly include static analysis methods and dynamic analysis methods. The former refers to malicious code analysis without executing binary programs, and the latter refers to the use of program debugging tools to track and observe malicious code under the condition of malicious code execution, and verify the static analysis results according to the working process of malicious code. Mal...

AI Technical Summary

Problems solved by technology

Some visualization schemes choose to calculate information entropy to enhance image information to improve classification accuracy. However, these methods have problems such as single source of malicious code image and high computational complexity of enhanced information, which increases the difficulty of malicious code classification to a certain extent and reduces the classification accuracy. classification accuracy

[0004] In addition, the conventional convolutional neural network focuses on the global features of the image, but does not pay attention to the detailed features of the key areas of the image, while malicious codes often exist in the local position of the program, manifested as local image features

Images