| With the development of the Internet, malicious code has become one of the main threats to user information security. Traditional methods of detecting malicious code are unable to handle the increasing number of new malicious code samples generated every day. Therefore, machine learning algorithms are becoming increasingly common in the field of malicious code detection. Machine learning algorithms can automatically extract features from a large number of samples, learn patterns of malicious code, and identify unknown malicious software. Compared to traditional rule-based detection methods, machine learning algorithms can process large-scale data more efficiently and automatically adapt to the continuously changing features of malicious software, thereby improving detection accuracy and efficiency. However, algorithms that use machine learning for malicious code detection typically focus only on optimizing performance metrics such as accuracy and recall, without fully considering that attackers may intentionally craft deceptive input data to mislead the machine learning model and make it unable to function properly in real environments. Currently, models for adversarial attacks against malicious code detection are difficult to train, and their escape rate is not ideal. At the same time, mainstream malicious code detection models perform poorly in the face of adversarial sample attacks. Based on the above issues, the main research work of this paper is as follows: A malicious code adversarial attack method based on the PPO algorithm is proposed, which uses reinforcement learning to carry out the attack. A reasonable action space is designed for perturbing PE files, and the PPO algorithm is used to effectively train the agent model. Experiments are conducted on multiple malicious code detectors, and the results show that the proposed method achieves a good escape rate against mainstream malicious code detectors. It has significant advantages in terms of escape rate and average escape step length compared to similar methods. To address the problem of poor performance of malicious code detection models in the face of adversarial samples, this paper proposes a malicious code detection method based on adversarial training. By addressing the relevant defects of MalConv, injecting noise, and conducting adversarial training, model robustness is effectively enhanced. Experimental results show that this method can effectively enhance the detection capability of the detector in both white-box and black-box attack scenarios. |