Malware incremental training and detection method based on a neural network smooth aggregation mechanism
郭志民 1, 陈岑 1, 李暖暖 1, 蔡军飞 1, 张铮 1
Author information
- 1. Electric Power Research Institute, State Grid Henan Electric Power Company, Zhengzhou 450000
Abstract
To keep malware variant detection models up to date, traditional machine (deep) learning-based detection methods update the model by retraining on the combined historical and newly added data, which makes training inefficient. This paper proposes an incremental learning method for malware based on a neural network smooth aggregation mechanism. A smooth aggregation function for neural network models lets the detection model evolve smoothly, and an added training scale factor prevents an incremental model trained on a small amount of data from degrading the accuracy of the aggregated model. Experimental results show that, compared with the retraining method, the incremental learning method improves training efficiency with almost no loss of model accuracy.
Key words
malware variant detection / incremental learning / neural network / model aggregation
Funding
Science and Technology Project of State Grid Corporation of China Headquarters (5700-202024193A-0-0-00)
Publication year
2024