• Network and Information Security •

### Research on Application of Attention-CNN in Malware Detection

MA Dan, WAN Liang, CHENG Qiqin, SUN Zhiqiang

1. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
2. Institute of Computer Software and Theory, Guizhou University, Guiyang 550025, China

• Online: 2021-04-01 Published: 2021-04-02

Abstract:

Malware attacks have become one of the major threats to the Internet. What's more, existing malware data are huge and have multiple features. To extract these features better and to understand the behavior of malware, an Attention-CNN malware detection model based on the attention mechanism is proposed. First, the Attention-CNN is constructed by combining a convolutional neural network (CNN) with the attention mechanism. Second, malware samples are converted into gray-scale images that serve as the input of the detection model. The attention maps and detection results corresponding to the malware are obtained by training and testing the Attention-CNN model. Finally, the important byte sequences extracted from the attention map are used for manual analysis to reveal the behavior of the malware. Experimental results show that Attention-CNN achieves better detection results than SVM (support vector machine), random forest, J48.trees and a CNN without the attention mechanism. Attention-CNN also improves detection accuracy by 4.3 percentage points compared with vsNet. Moreover, the important byte sequences extracted from the attention map effectively reduce the burden of manual analysis, reveal the relevant behaviors of the malware, and make up for the lack of interpretability of malware detection based on gray-scale images.
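
The two data-handling steps the abstract describes (file bytes laid out as a gray-scale image, and high-attention regions mapped back to byte sequences for an analyst) can be sketched as follows. This is an added example, not the authors' code: the image width, the attention-cell size, the threshold and the sample data are assumptions, since the abstract does not give the paper's values.

```python
import math

def bytes_to_gray_rows(data: bytes, width: int):
    """Lay file bytes out row-major as a gray-scale image (one byte = one
    pixel, 0-255). The last row is zero-padded to the full width."""
    height = math.ceil(len(data) / width)
    padded = data + bytes(height * width - len(data))
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]

def attention_to_byte_ranges(attn, width, cell, file_len, threshold=0.5):
    """Map attention cells scoring >= threshold back to file offsets.
    Assumption: attn[i][j] covers a cell x cell pixel block of the image.
    Returns merged, sorted half-open (start, end) ranges clipped to file_len."""
    spans = []
    for i, row in enumerate(attn):
        for j, score in enumerate(row):
            if score < threshold:
                continue
            for r in range(i * cell, (i + 1) * cell):
                start = r * width + j * cell
                if start < file_len:  # skip pixels that are only padding
                    spans.append((start, min(start + cell, file_len)))
    merged = []
    for s, e in sorted(spans):
        if merged and s <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged

def extract_sequences(data: bytes, ranges):
    """Return (offset, hex string) pairs for an analyst to review."""
    return [(s, data[s:e].hex()) for s, e in ranges]

# Constructed sample: 40 bytes standing in for a file, image width 8,
# and a made-up 3x4 attention map with 2x2-pixel cells.
SAMPLE = bytes(range(40))
WIDTH, CELL = 8, 2
ATTN = [[0.1, 0.9, 0.8, 0.0],
        [0.0, 0.0, 0.0, 0.0],
        [0.0, 0.0, 0.0, 0.7]]

if __name__ == "__main__":
    image = bytes_to_gray_rows(SAMPLE, WIDTH)
    ranges = attention_to_byte_ranges(ATTN, WIDTH, CELL, len(SAMPLE))
    for offset, hexseq in extract_sequences(SAMPLE, ranges):
        print(f"offset 0x{offset:04x}: {hexseq}")
```

Because a two-dimensional attention cell spans several image rows, one cell maps to several non-contiguous byte runs in the file; only runs that touch within a row are merged.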