Journal of Computer Applications ›› 2022, Vol. 42 ›› Issue (1): 178-182.DOI: 10.11772/j.issn.1001-9081.2021010199

• Cyber security • Previous Articles    

Memory combined feature classification method based on multiple BP neural networks

Jialiang DUAN(), Guoming CAI, Kaiyong XU   

  1. Network Space Security Teaching and Research Room,Information Engineering University,Zhengzhou Henan 450001 China
  • Received:2021-02-02 Revised:2021-05-19 Accepted:2021-05-21 Online:2022-01-11 Published:2022-01-10
  • Contact: Jialiang DUAN
  • About author:DUAN Jialiang, born in 1996, M. S. candidate. His research interests include integrity measurement, neural network.
    CAI Guoming, born in 1976, Ph. D., associate research fellow. His research interests include information security, cryptography.
    XU Kaiyong, born in 1963, Ph. D., research fellow. His research interests include information security, trusted computing.


段佳良(), 蔡国明, 徐开勇   

  1. 信息工程大学 网络空间安全教研室,郑州 450001
  • 通讯作者: 段佳良
  • 作者简介:段佳良(1996—),男,江西景德镇人,硕士研究生,主要研究方向:完整性度量、神经网络


The memory data will change after occurring the attack behaviors, and benchmark measurement used by the traditional integrity measurement system has the problems of low detection rate and lack of flexibility. Aiming at the above problems, a memory combined feature classification method based on multiple Back Propagation (BP) neural networks was proposed. Firstly, the feature value of the memory data was extracted by Measuring Object Extraction Algorithm (MOEA). Then, the model was trained by different BP neural networks. Finally, a BP neural network was used to collect the obtained data and calculate the safety status score of the operating system. Experimental results show that compared with the traditional integrity measurement system using benchmark measurement, the proposed method has much higher accuracy and universality, and the proposed method has a detection accuracy of 98.25%, which is higher than those of Convolutional Neural Network (CNN), K-Nearest Neighbor (KNN) algorithm and single BP neural network, verifying the proposed method can detect attack behaviors more accurately. The proposed method has the model training time about 1/3 of the traditional single BP neural network, and also has the model training speed improved compared with similar models.

Key words: memory feature, Back Propagation (BP) neural network, integrity measurement, combined feature, kernel security



关键词: 内存特征, BP神经网络, 完整性度量, 组合特征, 内核安全

CLC Number: