Byte-Level Function-Associated Method for Malware Detection

作     者：Jingwei Hao Senlin Luo Limin Pan 

作者机构：Information System&Security and Countermeasures Experiments CenterBeijing Institute of TechnologyBeijing100081China 

出 版 物：《Computer Systems Science & Engineering》 (计算机系统科学与工程（英文）)

年 卷 期：2023年第46卷第7期

页      面：719-734页

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：This work is supported in part by the Information Security Software Project(2020)of the Ministry of Industry and Information Technology PR China under Grant CEIEC-2020-ZM02-0134 

主　　题：Byte function malware backdoor attack semantic representation model visualization 

摘      要：The byte stream is widely used in malware detection due to its independence of reverse ***,existing methods based on the byte stream implement an indiscriminate feature extraction strategy,which ignores the byte function difference in different segments and fails to achieve targeted feature extraction for various byte semantic representation modes,resulting in byte semantic *** address this issue,an enhanced adversarial byte function associated method for malware backdoor attack is proposed in this paper by categorizing various function bytes into three functions involving structure,code,and *** Minhash algorithm,grayscale mapping,and state transition probability statistics are then used to capture byte semantics from the perspectives of text signature,spatial structure,and statistical aspects,respectively,to increase the accuracy of byte semantic ***,the three-channel malware feature image is constructed based on different function byte semantics,and a convolutional neural network is applied for *** on multiple data sets from 2018 to 2021 show that the method can effectively combine byte functions to achieve targeted feature extraction,avoid byte semantic confusion,and improve the accuracy of malware detection.