Journal of Frontiers of Computer Science and Technology, 2021, Vol. 15, Issue (5): 881-892. DOI: 10.3778/j.issn.1673-9418.2009066

• Network and Information Security •

Research on Malicious Code Family Classification Combining Attention Mechanism

WANG Runzheng, GAO Jian, TONG Xin, YANG Mengqi   

  1. College of Information and Cyber Security, People's Public Security University of China, Beijing 100038, China
  2. Key Laboratory of Safety Precautions and Risk Assessment, Ministry of Public Security, Beijing 102623, China
  • Online: 2021-05-01  Published: 2021-04-30





In recent years, as malicious code families have diversified and obfuscation countermeasures have grown stronger, traditional malicious code detection methods have struggled to classify samples well. This paper therefore proposes a malicious code family classification model that incorporates an attention mechanism. First, a disassembly tool is used to obtain the features of each section of a malicious sample, and visualization technology converts each section into one channel of an RGB color image. Second, channel-domain and spatial-domain attention mechanisms are introduced to build a depthwise separable convolution network based on a mixed-domain attention mechanism, which extracts the image texture features of the malicious samples along both the channel and spatial dimensions. Finally, nine malicious code families are selected to train and test the model. The experimental results show that classifying malicious code families from a single section feature is less accurate than classifying from the fusion feature, which can effectively distinguish the various malicious code families. Compared with traditional neural network models, the proposed model classifies better, reaching a classification accuracy of 98.38%.

Key words: malicious family, multiclassification, mixed domain attention mechanism, depthwise separable convolution, fusion feature
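An added illustration of the section-to-channel step described in the abstract (not the authors' code): it lays the raw bytes of three sections out as the R, G and B planes of one image. The section names, channel order, image width and zero-padding are assumptions, since the abstract does not specify them, and the sample bytes are constructed.

```python
import math

# Assumed mapping of three section names to the R, G, B channels
# (hypothetical; the abstract does not name the sections it uses).
CHANNELS = (".text", ".rdata", ".data")


def sections_to_rgb(sections, width=4, channels=CHANNELS):
    """Return (height, rows) where rows[y][x] is an (R, G, B) tuple.

    Each channel is one section's raw bytes laid out row by row. Shorter
    or missing sections and the tail of the last row are zero-padded so
    that all three channels share one image shape.
    """
    planes = [sections.get(name, b"") for name in channels]
    longest = max(len(p) for p in planes)
    height = max(1, math.ceil(longest / width))
    size = height * width
    planes = [p.ljust(size, b"\x00") for p in planes]
    rows = [
        [tuple(p[y * width + x] for p in planes) for x in range(width)]
        for y in range(height)
    ]
    return height, rows


def to_ppm(rows, width):
    """Serialise the pixel grid as a binary PPM (P6) image."""
    header = f"P6\n{width} {len(rows)}\n255\n".encode("ascii")
    body = bytes(v for row in rows for px in row for v in px)
    return header + body


# Constructed sample bytes standing in for per-section disassembler output.
SAMPLE = {
    ".text": bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10]),
    ".rdata": b"abc",
    ".data": bytes([1, 2, 3, 4, 5]),
}

if __name__ == "__main__":
    h, rows = sections_to_rgb(SAMPLE)
    print(h, rows[0][0], len(to_ppm(rows, 4)))
```

A single-section image, the baseline the abstract compares against, corresponds to passing only one of the three sections so that the other two channels stay zero.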


