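Design and Implementation of an Anomalous Software Detection System Based on a System-call Behavioral Language Model
First published: 2020-01-17
Abstract: This paper designs SBL (System-call Behavioral Language), a behavioral language analysis system based on System-call sensitivity. By assigning different sensitivity weights to different System-calls, the model pays different amounts of attention to different System-calls, while an LSTM (Long Short-Term Memory) network automatically captures the semantic information, contextual dependencies, and deeper abstract features between normal and abnormal System-calls. The proposed SBL analysis system effectively improves the model's ability to recognize unknown attacks, reaching 99% and 85% accuracy on the test set and the unknown sequence set respectively, and outperforming the traditional machine learning algorithms k-nearest neighbors and random forest as well as language-model-based anomaly detection algorithms.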
Design and implementation of Malware Detection System using a System-call Behavior Language Model
Abstract: In this paper, we propose a new System-call based sequence preprocessing algorithm and an attention calculation method for designing SBL, a sensitivity-based behavioral language analysis system. The model gives different attention to different System-calls by calculating a different sensitivity weight for each System-call, while an LSTM automatically captures semantic information, context, and hidden features. The SBL analysis system proposed in this paper can effectively improve the model's ability to recognize unknown attacks. It achieves 99% and 85% accuracy on the test dataset and on the unknown sequence dataset of Host, respectively, which far exceeds the results of the traditional machine learning algorithms KNN and RF, as well as the language-model-based anomaly detection algorithm.
Keywords: System-call; Attention; Sensitivity; Behavioral Language; LSTM