基于CBAM和原型网络的小样本恶意软件分类模型
Classification model of few-sample malware based on CBAM and prototypical network
周景贤 1崔海彬 2李志平1
作者信息
- 1. 中国民航大学信息安全测评中心,天津 300300
- 2. 中国民航大学信息安全测评中心,天津 300300;中国民航大学计算机科学与技术学院,天津 300300
- 折叠
摘要
为解决小样本条件下恶意软件分类准确率低的问题,提出一种基于CBAM(convolutional block attention module)和原型网络的恶意软件分类模型.利用图像转换算法将恶意软件可执行文件转换为灰度图像;将残差连接和CBAM引入模型的特征嵌入模块,从通道和空间两个维度上增强关键特征表达,使得到的特征更具分辨性;提出联合损失函数,在距离交叉熵损失的基础上加入原型损失,通过减小类内距离的方式进一步扩增类间距离,使模型在样本数量有限的情况下取得良好的分类效果.实验结果表明,在每类恶意软件仅有5个样本的情况下,模型的分类准确率仍可达到83.12%.
Abstract
To solve the problem of low accuracy of malware classification under the condition of few-sample,a malware classifica-tion model based on CBAM(convolutional block attention module)and prototypical network was proposed.The image conver-sion algorithm was used to convert malware executable files into grayscale images.The residual connection and CBAM were introduced into the feature embedding module of the model to enhance the expression of key features from the two dimensions of channel and space,so that the features obtained were more distinguishable.A joint loss function was proposed,which added pro-totype loss on the basis of distance based cross entropy loss,and further expanded the distance between classes by reducing the distance within a class,so that the model achieved good classification results when the number of samples was limited.Experi-mental results show that the classification accuracy of the model can still reach 83.12%when there are only 5 samples of each type malware.
关键词
恶意软件分类/灰度图/小样本学习/卷积神经网络/注意力机制/原型网络/联合损失函数Key words
malware classification/grayscale image/few-shot learning/convolutional neural network/attention mechanism/prototypical network/joint loss function引用本文复制引用
基金项目
国家自然科学基金项目(U1533104)
民航安全能力建设基金项目(PESA2019074)
民航安全能力建设基金项目(PESA2021009)
中央高校基本科研业务费中国民航大学专项基金项目(3122018C036)
中央高校基本科研业务费中国民航大学专项基金项目(3122022058)
出版年
2024
NETL
NSTL
万方数据