Malware and its variants continue to pose a threat to network security. Machine learning has been widely used in the field of malware classification, but some emerging studies, such as attention mechanisms, are rarely...
详细信息
Malware and its variants continue to pose a threat to network security. Machine learning has been widely used in the field of malware classification, but some emerging studies, such as attention mechanisms, are rarely applied in this field. In this paper, we analyze the correspondence between bytecode and disassembly of malware, and propose a new feature extraction method based on multi-dimensional sequence. Also, we construct a new classification framework based on attention mechanism and Convolutional Neural Networks mechanism. Furthermore, we also compare the different architectures based on the attention mechanisms. Experiments on open datasets show that our feature extraction method and our framework have a good classification effect, and the accuracy rate is 0.9609.
We present a new approach for disassembling executables with self-modifying code. Self-modifying code is very common in malware. Conventional static or dynamic approaches cannot handle self-modifying code very well. W...
详细信息
ISBN:
(纸本)9783038351559
We present a new approach for disassembling executables with self-modifying code. Self-modifying code is very common in malware. Conventional static or dynamic approaches cannot handle self-modifying code very well. We combine static and dynamic analysis to fight against self-modifying code with the multiple-path exploration technique. The evaluation results indicate that our approach works well in disassembling executables with self-modifying code with high precision and code coverage compared with the state-of-art disassembler.
暂无评论