| 引用本文: |
-
靖蓉琦,姜政伟,汪秋云,刘奇旭,汪姝玮,凌辰.基于知识图谱的恶意代码分析综述[J].信息安全学报,已采用 [点击复制]
- JingRongQi,JiangZhengWei,WangQiuYun,LiuQiXu,WangShuWei,LingChen.Malware Analysis Based on Knowledge Graph: A Survey[J].Journal of Cyber Security,Accept [点击复制]
|
|
| 摘要: |
| 随着网络安全攻防博弈的升级,复杂多变的恶意代码对网络安全威胁的检测与分析研究提出了新的挑战。图的结构化表示特别是知识图谱以其特有的优势,可以承载更多的恶意代码特征信息,在恶意代码研究领域展示了较强应用潜能;同时借助图匹配、图嵌入或图神经网络等算法,基于知识图谱的技术能处理节点属性信息以及其之间的拓扑关系,在恶意代码检测与分析方面显示出了广阔的前景。目前基于知识图谱的恶意代码分析研究主要可以分为两方面:一是恶意代码知识图谱的构建研究,包括知识表示和本体模型的统一定义与实例化提取;二是综合恶意代码分析所获得的图谱结构特征,利用相关图算法技术进行上层的恶意代码检测与分析研究。本文首先从恶意代码的发展趋势出发,介绍了知识图谱在表示、创建和应用方面的研究进展,总结了现有恶意代码结合动静态特征和人工智能模型分析方法的优势与局限性,从而引出了知识图谱技术与恶意代码相结合的重要研究方向;然后分析了当下融合多结构数据的恶意代码知识图谱定义表示,以及包含实体识别、关系抽取等不同模型的构建方法;接着阐述了图计算在恶意代码检测和分析场景中的探索应用,表明了图谱相关技术在检测识别和综合分析恶意代码上的有效性;最后在讨论目前恶意代码知识图谱模式定义难统一、图谱信息未充分挖掘利用和图分析模型存在脆弱性等问题的基础上,提出了可供参考的解决思路,并对未来可能的研究方向进行了展望。 |
| 关键词: 恶意代码分析 知识图谱 本体构建 恶意代码分类 图算法 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2024.08.05 |
| 投稿时间:2022-11-18修订日期:2023-01-30 |
| 基金项目:国家重点研发计划和中国科学院青年创新促进会 |
|
| Malware Analysis Based on Knowledge Graph: A Survey |
|
JingRongQi, JiangZhengWei, WangQiuYun, LiuQiXu, WangShuWei, LingChen
|
| (Institute of Information Engineering,Chinese Academy of Sciences) |
| Abstract: |
| With the escalation of network security attack and defense confrontation, complex and changeable malware poses new challenges to the detection and analysis of network security threats. With its unique capacity to capture and integrate the information about malware features, the structured representation of graphs, especially knowledge graphs, showing great potential in the malware research field. At the same time, with the help of algorithms such as graph matching, graph embedding or graph neural networks, the attribute information of nodes and the topological relationship between them can be processed by the technology of knowledge graph, which shows a great prospect in the field of malware detection and analysis. At present, the research on knowledge-graph-based malware analysis can be divided into two aspects: one is the research on the construction of malware knowledge graph, including the unified definition, the instantiated extraction of knowledge representation and the ontology model. The other is the structure characteristics of graph obtained by comprehensive malware analysis, using the correlation graph algorithm technology to detect and analyze the upper-layer malware. Starting from the development trend of malware, this paper first introduces the research progress of the representation, creation and application of knowledge graph, summarizes the advantages and limitations of the existing analysis methods using dynamic and static characteristics and artificial intelligence models, thus draw forth the important research interests of the combination of knowledge graph and malware. Then analyzes the definition and representation of the malware knowledge graph that integrates multi-structure data, as well as the models using different methods, including entity recognition, relationship extraction and so on. After that, expounds the exploration and application of graph computing in the scene of malware detection and analysis, and the results show that the graph correlation technology is effective in detection, identification and comprehensive analysis of malware. Finally, on the basis of discussions such as the difficulty of unifying the definition of the malware knowledge graph mode, the insufficiency of the mining and utilization of graph information, and the vulnerability of graph analysis models, this paper proposed the solutions for reference and projected directions of the research. |
| Key words: malware analysis knowledge graph ontology construction malware classification graph algorithms |
