网络与信息安全学报 (Aug 2021)
Auto forensic detecting algorithms of malicious code fragment based on TensorFlow
Abstract
In order to auto detect the underlying malicious code fragments in complex,heterogeneous and massive evidence data about digital forensic investigation, a framework for malicious code fragment detecting algorithm based on TensorFlow was proposed by analyzing TensorFlow model and its characteristics. Back-propagation training algorithm was designed through the training progress of deep learning. The underlying binary feature pre-processing algorithm of malicious code fragment was discussed and proposed to address the problem about different devices and heterogeneous evidence sources from storage media and such as AFF forensic containers. An algorithm which used to generate data set about code fragments was designed and implemented. The experimental results show that the comprehensive evaluation index of the method can reach 0.922, and compared with CloudStrike, Comodo, FireEye antivirus engines, the algorithm has obvious advantage in dealing with the underlying code fragment data from heterogeneous storage media.
Keywords
