SIa-CBc: Sensitive Intent-Assisted and Crucial Behavior-Cognized Malware Detection Based on Human Brain Cognitive Theory
IEEE Transactions on Information Forensics and Security (IF 6.3). Pub Date: 2024-05-30, DOI: 10.1109/tifs.2024.3407655
Chao Jing (1), Chaoyuan Cui (2), Yun Wu (2)
API call sequence-based approaches have proven to be significantly superior for malware detection, but they generally overlook or sidestep two core issues: (i) they ignore parameters and return values, which carry more fine-grained security semantic sensitive information (SSSI), and (ii) they handle lengthy API call sequences only coarsely, which makes the program behavior semantics poorly interpretable and incomplete. To overcome these issues, we propose SIa-CBc, a sensitive intent-assisted and crucial behavior-cognized malware detection method based on human brain cognitive theory, which consists of two key modules. (i) SIa divides the vast and heterogeneous SSSI space into a few categories and represents the resulting sensitive intents so that they assist the API calls. (ii) CBc extracts crucial snippets from lengthy API call sequences via judgment and multi-step reasoning and then obtains their representations. The embedding representations from the two modules are concatenated and used as the input of ten representative baseline networks. Our experimental results indicate that SIa-CBc improves malware detection accuracy by 14.08% to 28.01%, reduces the average detection time per sample by 0.28 to 16.29 ms, and improves the defense against adversarial sample attacks by 4.86% to 55.04%. Moreover, SIa-CBc outperforms recent methods not only in detection but also in resilience to intricate adversarial tactics, providing reliable protection without the need for frequent re-training. This underscores the model’s innovative use of human brain cognitive theory-based techniques for heightened security efficacy.
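The abstract's issue (i) is that two programs can produce the identical sequence of API names while their parameters and return values tell very different stories. The following added example (my own illustration, not the paper's SIa or CBc implementation) makes that concrete: two constructed sandbox-style traces share the same API-name sequence, and only a coarse parameter/return-value categorization (the label set, regexes and trace contents are all assumptions chosen for this example) separates a document editor from something writing the hosts file, installing an autorun key and contacting a bare-IP URL.

```python
import re

# --- constructed input: two sandbox-style API traces ----------------------
# Each entry is (api_name, parameters, return_value). Both traces call the
# same APIs in the same order; only parameters and return values differ.
BENIGN_TRACE = [
    ("CreateFileW", {"path": r"C:\Users\alice\Documents\report.docx", "access": "GENERIC_READ"}, 0x1A4),
    ("WriteFile", {"handle": 0x1A4, "bytes": 2048}, 1),
    ("RegSetValueExW", {"key": r"HKCU\Software\Contoso\Editor", "name": "RecentFile"}, 0),
    ("InternetOpenUrlA", {"url": "https://updates.contoso.example/check"}, 0x200),
]
SUSPICIOUS_TRACE = [
    ("CreateFileW", {"path": r"C:\Windows\System32\drivers\etc\hosts", "access": "GENERIC_WRITE"}, 0x1A8),
    ("WriteFile", {"handle": 0x1A8, "bytes": 512}, 1),
    ("RegSetValueExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "name": "updater"}, 0),
    ("InternetOpenUrlA", {"url": "http://198.51.100.7/gate.php"}, 0x204),
]

INVALID_HANDLE_VALUE = 0xFFFFFFFF  # CreateFileW's return value on failure

# Assumed coarse label set, standing in for the "few categories" into which
# the abstract says SIa divides the SSSI space. Real systems learn or
# curate this; here it is three hand-written rules.
SYSTEM_PATH = re.compile(r"\\Windows\\", re.I)
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
SENSITIVE = {"SYSFILE_WRITE", "PERSIST_AUTORUN", "NET_RAW_IP"}


def categorize(api, params, ret):
    """Reduce one call's parameters and return value to a coarse intent label."""
    if api == "CreateFileW":
        if ret == INVALID_HANDLE_VALUE:          # the return value matters too:
            return "FILE_OPEN_FAILED"            # an attempted write that never happened
        writing = "WRITE" in params.get("access", "")
        if writing and SYSTEM_PATH.search(params.get("path", "")):
            return "SYSFILE_WRITE"
        return "FILE_USER"
    if api == "RegSetValueExW":
        return "PERSIST_AUTORUN" if AUTORUN_KEY.search(params.get("key", "")) else "REG_APP"
    if api == "InternetOpenUrlA":
        if ret == 0:
            return "NET_FAIL"
        return "NET_RAW_IP" if RAW_IP_URL.match(params.get("url", "")) else "NET_HOST"
    return "OTHER"


def api_name_sequence(trace):
    """What a name-only approach sees: the API names, nothing else."""
    return [api for api, _, _ in trace]


def intent_sequence(trace):
    """API name plus its parameter-derived intent label, as one token."""
    return [f"{api}@{categorize(api, p, r)}" for api, p, r in trace]


def sensitive_count(trace):
    """Number of calls that landed in a sensitive category."""
    return sum(1 for api, p, r in trace if categorize(api, p, r) in SENSITIVE)


if __name__ == "__main__":
    for name, trace in (("benign", BENIGN_TRACE), ("suspicious", SUSPICIOUS_TRACE)):
        print(name, "names:  ", api_name_sequence(trace))
        print(name, "intents:", intent_sequence(trace), "sensitive =", sensitive_count(trace))
```

Run as a script, the two `names` lines are identical while the `intents` lines differ, which is exactly the information a name-only sequence model is denied. The labels are deliberately coarse: collapsing an open-ended space of paths, keys and URLs into a handful of categories keeps the vocabulary small enough for a sequence model while preserving the security-relevant distinction.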

Updated: 2024-05-30