Yang Wang, Gao Mingzhe, Jiang Ting. A Malicious Code Static Detection Framework Based on Multi-Feature Ensemble Learning[J]. Journal of Computer Research and Development, 2021, 58(5): 1021-1034. DOI: 10.7544/issn1000-1239.2021.20200912

A Malicious Code Static Detection Framework Based on Multi-Feature Ensemble Learning

Funds: This work was supported by the National Natural Science Foundation of China (62072100).
  • Published Date: April 30, 2021
  • With the popularity of the Internet and the rapid development of 5G communication technology, threats to cyberspace are increasing; in particular, the amount of malware is growing exponentially and the number of variants within malware families is growing explosively. Traditional signature-based malware detection is too slow to handle the millions of new malware samples that emerge every day, while the false positive and false negative rates of general machine learning classifiers are far too high. At the same time, malware packing, obfuscation and other adversarial techniques further complicate the situation. To address this, we propose a static malware detection framework based on multi-feature ensemble learning. We extract the non-PE (Portable Executable) structure feature, visible string feature, sink assembly code sequence feature, PE structure feature and function call relationship feature from the malware, construct a model matching each feature, and use the Bagging and Stacking ensemble algorithms to reduce the risk of overfitting. Finally, we adopt a weighted voting algorithm to further aggregate the outputs of the ensemble models. The experimental results show that the detection accuracy of the multi-feature multi-model aggregation algorithm can reach 96.99%, which shows that the method identifies malware better than other static detection methods and has a higher recognition rate for malware that uses packing or obfuscation techniques.
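The final aggregation step described in the abstract can be sketched as follows. This is an added example, not the authors' code: the log-odds weighting, the handling of missing views, and all accuracies and scores are assumptions constructed for illustration, since the page does not give the paper's weighting rule.

```python
import math

def view_weights(val_accuracy):
    """Turn each view's validation accuracy into a vote weight.

    Assumption (not from the paper): log-odds weighting, so a view at
    chance level (0.5) gets weight 0 and more accurate views count more.
    """
    weights = {}
    for view, acc in val_accuracy.items():
        acc = min(max(acc, 1e-6), 1 - 1e-6)   # keep the log finite
        weights[view] = max(0.0, math.log(acc / (1 - acc)))
    return weights

def weighted_vote(scores, weights, threshold=0.5):
    """Aggregate per-view malicious probabilities into one verdict.

    scores maps view -> probability in [0, 1], or None when the view
    could not be extracted (e.g. a packed sample with no usable
    disassembly). Missing views are skipped and the remaining weights
    are renormalised, so a missing view votes neither way.
    """
    used = {v: p for v, p in scores.items()
            if p is not None and weights.get(v, 0.0) > 0.0}
    if not used:
        raise ValueError("no usable feature view for this sample")
    total = sum(weights[v] for v in used)
    score = sum(weights[v] * p for v, p in used.items()) / total
    label = "malicious" if score >= threshold else "benign"
    return score, label, sorted(used)

# Constructed validation accuracies for the five views named in the abstract.
VAL_ACC = {"non_pe_structure": 0.90, "visible_strings": 0.88,
           "asm_sequences": 0.93, "pe_structure": 0.91, "call_graph": 0.89}
WEIGHTS = view_weights(VAL_ACC)

# Constructed per-view model outputs for two samples.
PLAIN_SAMPLE = {"non_pe_structure": 0.20, "visible_strings": 0.10,
                "asm_sequences": 0.15, "pe_structure": 0.30, "call_graph": 0.25}
# Packed sample: string and code views unavailable, structure views still fire.
PACKED_SAMPLE = {"non_pe_structure": 0.85, "visible_strings": None,
                 "asm_sequences": None, "pe_structure": 0.80, "call_graph": None}

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, weighted_vote(sample, WEIGHTS))
```

Returning the list of views that actually voted lets an analyst see when a verdict rests on only the structure-based features, which is the case for the packed sample here.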