基于BiTCNSA的恶意代码分类方法

当前恶意代码的对抗技术不断变化，恶意代码变种层出不穷，使恶意代码分类问题面临严峻挑战。针对目前基于深度学习的恶意代码分类方法提取特征不足和准确率低的问题，提出了基于双向时域卷积网络(BiTCN)和自注意力机制(Self-Attention)的恶意代码分类方法(BiTCNSA)。该方法融合恶意代码操作码特征和图像特征以展现不同的特征细节，增加特征多样性。构建BiTCN对融合特征进行处理，充分利用特征的前后依赖关系。引入自注意力机制对数据权值进行动态调整，进一步挖掘恶意代码内部数据间的关联性。在Kaggle数据集上对模型进行验证，实验结果表明:该方法准确率可达99.75%，具有较快的收敛速度和较低的误差。

A Malicious Code Classification Method Based on BiTCNSA

At present, the countermeasure technology of malicious code is constantly changing, and new varieties of malicious code are emerging in endless streamto make the classification of malicious code face severe challenges. Aimed at the problemsthat features extracted are insufficient and low in accuracy by using current malicious code classification methods based on deep learning, a malicious code classification method (BiTCNSA) based on bi-directional temporal convolution network (BiTCN) and self attention mechanism is proposed. This method is combination of opcode features with image features to show different feature details, increasing feature diversity. The BiTCN is constructed to process the fused features, making full use of the pre and post dependencies of the features. The self attention mechanism is introduced todynamically adjust the data weight, further mining the correlation between the internal data of malicious code. The model is verified by using the Kaggle data set. The results show that the accuracy of this method can reach 99.75%, and the method is fast at convergence speed, lowin error, and better than the other models.