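Survey on Few-shot for Malware Detection

Authors: Liu Hao, Tian Zhihong, Qiu Jing, Liu Yuan, Fang Binxing

About the authors:

Liu Hao (1996-), male, Ph.D. candidate, main research areas: cyberspace security, malware detection, and machine learning; Tian Zhihong (1978-), male, Ph.D., professor, doctoral supervisor, CCF distinguished member, main research areas: network attack and defense, cyber ranges, and active real-time protection; Qiu Jing (1983-), female, Ph.D., professor, doctoral supervisor, CCF distinguished member, main research areas: fundamental theory of cyberspace security threat perception and advanced intelligent algorithm design; Liu Yuan (1986-), female, Ph.D., professor, doctoral supervisor, CCF distinguished member, main research areas: network security, mechanism design, and game theory; Fang Binxing (1960-), male, Ph.D., professor, doctoral supervisor, main research areas: computer networks and information security.

Corresponding author:

Tian Zhihong, E-mail: tianzhihong@gzhu.edu.cn

Funding:

National Natural Science Foundation of China (U20B2046); National Key Research and Development Program of China (2021YFB2012402); Guangdong Provincial University Innovation Team Project (2020KCXTD007); Guangzhou Municipal University Innovation Team Project (202032854)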
Abstract:

Malware detection, such as Windows malware detection and Android malware detection, is a hot topic in cyberspace security research. With the development of machine learning and deep learning, some outstanding algorithms from image recognition and natural language processing have been applied to malware detection, and these algorithms show excellent learning performance when a large amount of data is available. However, some challenging problems in malware detection have still not been solved effectively. For instance, conventional learning methods cannot achieve effective detection when only a small number of samples of novel malware types are available. Therefore, few-shot learning (FSL) is adopted to solve the few-shot for malware detection (FSMD) problem. This study extracts the problem definition and the general process of FSMD from the related literature. According to the principle of the method, FSMD methods are divided into methods based on data augmentation, methods based on meta-learning, and hybrid methods combining multiple technologies, and the characteristics of each class of FSMD methods are discussed. Finally, an outlook on the background, technology, and applications of FSMD is presented.

Cite this article

Liu H, Tian ZH, Qiu J, Liu Y, Fang BX. Survey on few-shot for malware detection. Ruan Jian Xue Bao/Journal of Software, 2024, 35(8): 3785-3808

History
  • Received: 2023-04-11
  • Last revised: 2023-07-17
  • Published online: 2024-01-24
  • Publication date: 2024-08-06