Currently, malware shows an explosive growth trend, and the demand for classifying malware is increasing accordingly. The problem is the low accuracy of both malware detection and classification. Starting from the static features of malicious families, this study proposes a new deep learning method, TCN-BiGRU, which combines a temporal convolutional network (TCN) with a bidirectional gated recurrent unit (BiGRU). First, we extracted features from the malware assembly code sequences and byte code sequences. Second, we shortened the opcode sequences with the TCN to explore the features in the data, and then used the BiGRU network to read the opcode sequences in both directions to achieve deep extraction of their features. Finally, fully connected and softmax layers were used to output predictions from the deep features. Multiple comparison and ablation experiments demonstrated that the accuracy of malware detection and classification was effectively improved by our method. Our overall performance was 99.72% for samples comprising nine different classes, and 96.54% for samples comprising two different classes.
Existing supervised learning methods can only use labelled samples to train the classifier, and such labels are difficult and costly to obtain. To solve this problem and enhance the effectiveness of intrusion detection models, this study proposes a semi-supervised learning method for intrusion detection based on Fuzzy-Long Short-Term Memory (Fuzzy-LSTM). The model uses long short-term memory to generate labels for unlabelled samples, while classifying samples based on fuzzy entropy. The samples with low fuzzy entropy were merged into the original training set, and the classifier was trained again. The results showed that the proposed model achieved an accuracy of 84.53% on the above data sets, 2.45% higher than that of the classical CNN-BiLSTM, and the improvement in detection accuracy for the minority classes of samples was significant.
Imbalanced datasets greatly affect the analysis capability of intrusion detection models, biasing their classification results toward normal behavior and leading to high false-positive and false-negative rates. To alleviate the impact of class imbalance on the detection accuracy of network intrusion detection models and improve their effectiveness, this paper proposes a method based on a feature selection-conditional Wasserstein generative adversarial network (FCWGAN) and bidirectional long short-term memory network (BiLSTM). The method uses the XGBoost algorithm with Spearman’s correlation coefficient to select the data features, filters out useless and redundant features, and simplifies the data structure. A conditional WGAN (CWGAN) is used to generate a small number of samples in the dataset, add them to the original training set to supplement the dataset samples, and apply BiLSTM to complete the training of the model and realize the classification. In comparative tests based on the NSL-KDD and UNSW-NB15 datasets, the accuracy of the proposed model reached 99.57% and 85.59%, respectively, which is 1.44% and 2.98% higher than that of the same type of CWGAN and deep neural network (CWGAN-DNN) model, respectively.