基于GPU加速的恶意代码字节码特征提取方法研究

随着恶意代码的数量和种类增长,快速有效地检测恶意代码显得十分有必要,其中关键技术就是恶意代码特征提取.针对现有恶意代码字节码序列特征提取速度的不足,提出了一种GPU加速提取恶意代码字节码序列特征的方法.使用目前比较成熟的统一计算设备架构CUDA,将传统恶意代码字节码序列特征提取方法中字节码N-Gram特征的提取、TFIDF特征的计算等密集计算型任务移交给GPU进行并行计算.实验表明,针对不同样本文件大小的数据集,该方法均有2～4倍以上的速度提升,大幅提高恶意代码字节码序列特征提取的速度.

Research on feature extraction of malware bytecode based on GPU acceleration

With the increase of the number and type of malicious code, it is necessary to detect malicious code quickly and effectively. One of the key point is the feature extraction of malicious code. Aiming at the insufficiency of the feature extraction speed of malicious code bytecode sequences in the existing methods, a method of GPU acceleration to extract the features of malicious code bytecode sequences is proposed. Compute intensive tasks such as the feature extraction of bytecode and the calculation of TFIDF features in traditional methods are transferred to the GPU for parallel computing by using the more mature CUDA architecture. The experimental results show that the method has a speed increase of 2 to 4 times for data sets with different sample file sizes,which greatly improves the speed of feature extraction of malicious code bytecode sequences.