
Malware Detection Based On Deep Learning Of Image Features

Posted on: 2020-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: B B Xiang
Full Text: PDF
GTID: 2428330599476450
Subject: Computer Science and Technology

Abstract/Summary:
With the development of the Internet and the popularization of computers, electronic and digital processes in all walks of life are gradually being perfected and people's lives are more closely tied to computers, so personal privacy and property may be stolen as a result of malware attacks. At the same time, the integration of information technology and industrialization gives computers more control authority, which provides convenient conditions for malware to take control of an attack target. Allowing the wanton spread of malware will not only affect people's daily lives and disrupt the production plans of factories and companies, but also threaten national security. However, the identification of malware currently relies mainly on comparing feature codes, which depends heavily on the personal experience of analysts, and the identification of new malware lags, so it cannot be identified in time. It is therefore of great practical significance to seek effective methods for detecting and classifying malware. In order to improve the detection accuracy of malware, reduce time consumption, and reduce the dependence on manual operation and the number of samples needed, this paper proposes a method that visualizes malicious code as images and automatically extracts and classifies features with a deep learning algorithm. The innovation points and main work of this paper are as follows:

(1) This paper presents a visual detection method that can detect malware quickly. Because malware of the same family shares some structural similarities, mapping malware binary files to color images makes these characteristics quicker and more intuitive to find. At the same time, information entropy is used to judge the structural similarity of malware. Finally, a convolutional neural network extracts a large number of effective features in a short time and establishes an effective detection model. This method does not require special handling of malware and does not need decompilation or similar operations; detection works from the original file alone, with the advantages of fast detection speed and high accuracy.

(2) A visual detection method based on opcode sequences is proposed. In order to further improve the accuracy of malware recognition, this method extracts the opcode sequence statically in the preprocessing stage, and studies and simplifies the x86 assembly instructions. The N-Gram algorithm is used to expand the instruction sequence so that each feature carries contextual associations. By combining the TF-IDF algorithm and the SimHash algorithm, the malware is reduced to a hash value; finally, the hash value is visualized and malware recognition is performed by a convolutional neural network. Experimental results show that this method can effectively improve the accuracy of malicious code detection.

(3) A prototype of an intelligent malware detection platform is designed and implemented. The system integrates the visual malware detection method with multiple antivirus engines, allowing users to upload malware samples, run online detection, receive real-time detection results, and determine various types of malware. The system can be used to analyze threat intelligence, resist malware attacks, collect malware samples and attack behaviors, and promote the development of visualization-based malware detection technology.
Keywords/Search Tags: Malware, deep learning, visualization, instruction sequence, SimHash, information entropy
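
Added example, not code from the thesis: a sketch of the pipeline described in item (2), where opcode n-grams are weighted by TF-IDF and reduced to a SimHash fingerprint that can be rendered as an image. The opcode traces are constructed, and n=3, the smoothed IDF formula, the 64-bit SHA-256-based feature hash and the 8x8 bit-grid rendering are assumptions, since the abstract gives none of these parameters.

```python
import hashlib
import math
from collections import Counter

# Constructed opcode traces (not thesis data): a base sample, a variant with
# one instruction substituted, and an unrelated sample.
A_V1 = ("push mov sub mov mov call test jz mov add cmp jl lea push call mov xor inc "
        "mov cmp jne pop add mov shl or and test je mov sub push call add pop ret").split()
A_V2 = A_V1[:16] + ["nop"] + A_V1[17:]
OTHER = ("dec imul jmp shr not neg jg xchg div mul jb ror "
         "rol jae sar adc sbb jbe cdq movzx movsx setz leave enter").split()

def ngrams(ops, n=3):
    """Overlapping opcode n-grams, so each feature keeps its local context."""
    return [" ".join(ops[i:i + n]) for i in range(len(ops) - n + 1)]

def tfidf(corpus):
    """corpus: name -> n-gram list. The smoothed IDF is an assumed weighting."""
    df = Counter(g for grams in corpus.values() for g in set(grams))
    weights = {}
    for name, grams in corpus.items():
        tf = Counter(grams)
        weights[name] = {g: c / len(grams) * (math.log((1 + len(corpus)) / (1 + df[g])) + 1)
                         for g, c in tf.items()}
    return weights

def simhash(weights, bits=64):
    """Each feature votes +weight or -weight on every bit of its own hash."""
    acc = [0.0] * bits
    for feature, w in weights.items():
        h = int.from_bytes(hashlib.sha256(feature.encode()).digest()[:bits // 8], "big")
        for b in range(bits):
            acc[b] += w if (h >> b) & 1 else -w
    return sum(1 << b for b in range(bits) if acc[b] > 0)

def hamming(a, b):
    return bin(a ^ b).count("1")

def to_image(fp, side=8):
    """Assumed visualization: a 64-bit fingerprint as an 8x8 black/white grid."""
    return [[255 * ((fp >> (r * side + c)) & 1) for c in range(side)] for r in range(side)]

def fingerprints(n=3):
    corpus = {"A_v1": ngrams(A_V1, n), "A_v2": ngrams(A_V2, n), "other": ngrams(OTHER, n)}
    return {name: simhash(w) for name, w in tfidf(corpus).items()}

if __name__ == "__main__":
    fp = fingerprints()
    print("variant:", hamming(fp["A_v1"], fp["A_v2"]), "unrelated:", hamming(fp["A_v1"], fp["other"]))
```

The one-instruction variant changes only three of the 34 trigrams, so its fingerprint stays close to the base sample in Hamming distance, while the unrelated trace differs in roughly half of the bits.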