Journal of Computer Applications, 2022, Vol. 42, Issue (1): 178-182. DOI: 10.11772/j.issn.1001-9081.2021010199
• Cyber security •
Jialiang DUAN, Guoming CAI, Kaiyong XU
Received: 2021-02-02
Revised: 2021-05-19
Accepted: 2021-05-21
Online: 2022-01-11
Published: 2022-01-10
Contact: Jialiang DUAN
About author: DUAN Jialiang, born in 1996 in Jingdezhen, Jiangxi, M. S. candidate. His research interests include integrity measurement and neural networks.
CLC Number:
Jialiang DUAN, Guoming CAI, Kaiyong XU. Memory combined feature classification method based on multiple BP neural networks[J]. Journal of Computer Applications, 2022, 42(1): 178-182.
URL: https://www.joca.cn/EN/10.11772/j.issn.1001-9081.2021010199
Experimental environment | Configuration |
---|---|
Operating system | Ubuntu 18.04.1 |
Processor | Intel Core i9-10900K @ 3.70 GHz |
Memory | 32G DDR4 3 200 MHz |
Graphics card | NVIDIA GeForce RTX 3090 24g |
Tab.1 Computer configuration information
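Measurement object | Number of feature samples |
---|---|
Read-only data segment | 503 |
System call table | 128 |
System exception table | 83 |
Processes | 45 |
Modules | 25 |
Entropy pool resources | 36 |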
Tab.2 Related data of dataset
Data type | Total data | Secure data | Insecure data | Accuracy/% |
---|---|---|---|---|
Total/average | 2 000 | 920 | 1 080 | 98.25 |
Training data | 1 500 | 725 | 775 | 98.86 |
Validation data | 300 | 125 | 175 | 97.67 |
Test data | 200 | 70 | 130 | 94.50 |
Tab.3 Data results of the proposed neural network model after training
Model/method | Overall accuracy/% | Model training time/s | Training iterations | Classification time/ms |
---|---|---|---|---|
Baseline | 73.40 | / | / | 10.0 |
1D CNN | 90.60 | / | 1 000 | 75.3 |
KNN | 93.45 | / | 1 000 | 45.4 |
Single BP | 96.15 | 12.7 | 450 | 22.9 |
Multiple BP | 98.25 | 3.2 | 95 | 26.1 |
Tab.4 Comparison of memory feature extraction models and methods