Author:
Lu Shoupu, Li Qingbao, Zhu Xinbing
Abstract
Network attacks that use advanced local hiding technology have not only increased but have also become a serious threat. However, attacks using these technologies cannot be detected through traffic detection, and some attacks imitate benign traffic to avoid detection. To solve these problems, a malware process detection method based on process behavior in possibly infected terminals is proposed. In this method, a deep neural network is introduced to classify malware processes. First, a recurrent neural network (RNN) is trained to extract the characteristics of process behavior. Second, a convolutional neural network is trained to classify feature images generated from the trained RNN's features. The experimental results show that this method can effectively extract the features of malicious processes, and the AUC of the ROC curve is 0.97 in the best case.
Subject
General Physics and Astronomy
Cited by
3 articles.