• Network and Information Security •

• Publication date: 2021-05-01 Release date: 2021-04-30

### Research on Malicious Code Family Classification Combining Attention Mechanism

WANG Runzheng, GAO Jian, TONG Xin, YANG Mengqi

1. College of Information and Cyber Security, People's Public Security University of China, Beijing 100038, China
2. Key Laboratory of Safety Precautions and Risk Assessment, Ministry of Public Security, Beijing 102623, China
• Online: 2021-05-01 Published: 2021-04-30

Abstract:

In recent years, as malicious code families have diversified and obfuscation countermeasures have grown stronger, traditional malicious code detection methods have struggled to classify samples well. This paper therefore proposes a malicious code family classification model that incorporates an attention mechanism. First, a disassembly tool is used to obtain the features of each section of a malicious sample, and visualization technology converts each section into one channel of an RGB color image. Second, channel-domain and spatial-domain attention mechanisms are introduced to build a depthwise separable convolution network based on a mixed-domain attention mechanism, which extracts the image texture features of the malicious samples along both the channel and the spatial dimensions. Finally, nine malicious code families are selected to train and test the model. The experimental results show that classification using a single section feature is less accurate than classification using the fused features, which effectively distinguish the various malicious code families. Compared with traditional neural network models, the proposed model classifies better, reaching a classification accuracy of 98.38%.
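The section-to-channel visualization step described in the abstract, as an added example that is not the authors' code. The abstract does not say which sections are used, which section feeds which channel, or how sections are sized to a common shape; the R/G/B assignment, the zero-padding and run-averaging, and all names and sample bytes below are assumptions.

```python
"""Map three section byte streams onto the R, G and B channels of one image."""

def section_to_channel(data: bytes, side: int) -> list:
    """Fit one section's bytes into a side x side grid of 0-255 intensities.

    Assumed sizing rule: short sections are zero-padded, long ones are reduced
    by averaging equal runs of bytes, so every section yields the same shape.
    """
    cells = side * side
    if len(data) <= cells:
        flat = list(data) + [0] * (cells - len(data))
    else:
        flat = []
        for i in range(cells):
            lo = i * len(data) // cells
            hi = (i + 1) * len(data) // cells   # hi > lo because len(data) > cells
            run = data[lo:hi]
            flat.append(sum(run) // len(run))
    return [flat[r * side:(r + 1) * side] for r in range(side)]

def sections_to_rgb(red: bytes, green: bytes, blue: bytes, side: int = 4) -> list:
    """Stack three section channels into one side x side grid of (R, G, B)."""
    channels = [section_to_channel(s, side) for s in (red, green, blue)]
    return [[tuple(ch[r][c] for ch in channels) for c in range(side)]
            for r in range(side)]

def to_ppm(pixels: list) -> bytes:
    """Serialise the pixel grid as a binary PPM (P6) image for inspection."""
    side = len(pixels)
    header = f"P6 {side} {side} 255\n".encode()
    return header + bytes(v for row in pixels for px in row for v in px)

# Constructed stand-ins for three section byte streams (not from a real sample).
SEC_A = bytes(range(0, 64, 2))   # 32 bytes: longer than 16 cells, so averaged
SEC_B = b"\x10\x20\x30"          # 3 bytes: shorter than 16 cells, so zero-padded
SEC_C = bytes([255]) * 16        # exactly 16 bytes: used as-is

IMAGE = sections_to_rgb(SEC_A, SEC_B, SEC_C, side=4)

if __name__ == "__main__":
    for row in IMAGE:
        print(row)
    print(len(to_ppm(IMAGE)), "bytes of PPM data")
```

A fixed output shape is what lets images from samples of very different sizes feed one convolutional network; a real pipeline would use a much larger `side` than the 4 used here.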