
Research And Implementation Of Virus Software Detection System Based On GCForest

Posted on: 2022-07-10 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Zhang | Full Text: PDF
GTID: 2518306506996329 | Subject: Computer technology
Abstract/Summary:
With the rapid development of Internet technology, people can obtain the resources they want with a few taps, but not all information technology brings convenience: some people spread virus software for their own profit, disrupting public order and personal privacy. The expansion of network platforms has also brought huge benefits to the makers of virus software. With the rapid increase in the amount of virus software, online life is greatly affected and property losses are increasing day by day. Virus software is regarded as an important part of the information security field, and research on it is valued by researchers.

The traditional virus software detection method is simple and time-consuming. It can only detect virus software that has already been identified, and is helpless against techniques such as obfuscation, packing, interference, and deformation. Therefore, there is a problem of high false alarm rate. To address the shortcomings of the traditional static detection method, the Cuckoo sandbox software is used to analyze the application program and obtain its log file, the dynamic characteristics of the virus software are extracted from the log file, and an ensemble model, GCForest, is applied. The work focuses on dynamic detection technology based on the GCForest model and successfully applies it in a virus software detection system. The internal relationship between Windows API functions, thread number, and thread calling sequence is used as the data basis, which makes it possible to distinguish virus software and its type more accurately.

The detailed work of this article is as follows:

1. Analyze the behavioral characteristics of virus software under Windows. Taking Windows API functions as the main object and combining the internal correlation of API function, thread number, and thread calling sequence data, two types of features are constructed: statistical features and calculation features. Statistical features are built from the overall API call frequency, number of threads, and calling sequence; calculation features are then built from the call frequency, number of threads, and calling sequence of each type of API, so that the information contained in the original data is fully reflected.

2. Introduce the basic theory of GCForest in detail, focusing on how multi-grained scanning enhances the model's representation learning ability. A dynamic analysis model based on GCForest is established, and an XGBoost classifier is added to enhance the model's ability to recognize minority classes, thereby improving the accuracy of the entire model.

3. On the basis of the above research, the Cuckoo sandbox software is used to design and implement a virus software classification system. It has five major functional modules: virus application collection and processing, virus software detection data management, virus application detection management, user management, and query management.
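
An added example (not code from the thesis): one way the two feature families described in item 1 could be computed from a sandbox call log, with whole-log quantities as statistical features and the same quantities per API category as calculation features. The log layout (processes whose calls carry `tid`, `category` and `api`), the sample data and the specific features chosen are assumptions for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample shaped like the behavior section of a Cuckoo report
# (processes -> calls with "api", "category", "tid"); not real sandbox output.
SAMPLE_REPORT = {"behavior": {"processes": [{"pid": 1200, "calls": [
    {"tid": 1, "category": "file", "api": "NtCreateFile"},
    {"tid": 1, "category": "file", "api": "NtWriteFile"},
    {"tid": 2, "category": "registry", "api": "RegOpenKeyExW"},
    {"tid": 1, "category": "process", "api": "NtCreateThreadEx"},
    {"tid": 3, "category": "network", "api": "connect"},
    {"tid": 3, "category": "network", "api": "send"},
    {"tid": 2, "category": "registry", "api": "RegSetValueExW"},
    {"tid": 3, "category": "file", "api": "NtWriteFile"},
]}]}}


def extract_features(report):
    """Return (statistical, calculated) feature dicts for one report."""
    calls = [(p["pid"], c["tid"], c["category"], c["api"])
             for p in report["behavior"]["processes"] for c in p["calls"]]
    seqs = defaultdict(list)          # per-thread call sequence, in log order
    for pid, tid, _, api in calls:
        seqs[(pid, tid)].append(api)
    # Statistical features (assumed set): computed over the whole call log.
    statistical = {
        "total_calls": len(calls),
        "distinct_apis": len({api for *_, api in calls}),
        "thread_count": len(seqs),
        "longest_thread_seq": max(map(len, seqs.values()), default=0),
    }
    # Calculated features (assumed set): the same quantities per API category.
    freq = Counter(cat for _, _, cat, _ in calls)
    cat_threads, first_pos = defaultdict(set), {}
    for i, (pid, tid, cat, _) in enumerate(calls):
        cat_threads[cat].add((pid, tid))
        first_pos.setdefault(cat, i)  # where the category first appears
    calculated = {
        cat: {"calls": n, "ratio": n / len(calls),
              "threads": len(cat_threads[cat]), "first_pos": first_pos[cat]}
        for cat, n in freq.items()
    }
    return statistical, calculated


if __name__ == "__main__":
    stat, calc = extract_features(SAMPLE_REPORT)
    print(stat, calc, sep="\n")
```

Flattening both dictionaries in a fixed key order gives one numeric row per sample, which is the form a classifier such as GCForest or XGBoost takes as input.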
Keywords/Search Tags:Information Security, Machine Learning, GCForest, Dynamic Detection, Virus software