
Malicious Code Detection System

Posted on: 2011-02-09
Degree: Master
Type: Thesis
Country: China
Candidate: R Jing
GTID: 2208360308466766
Subject: Communication and Information Engineering
Abstract/Summary:
With the rapid development of computer technology and the Internet, people's work and life are becoming more and more dependent on computers. Network security problems have emerged alongside the large number of online games, online shopping, online banking and other online services. Because of the popularity of the Internet and the development of various attack techniques, writing malicious code is no longer a secret skill that only a few people possess. Driven also by economic interests, today's malicious code is characterized by large quantities, rapid spread, many variants and greater subtlety, and the amount of malicious code is growing very quickly. According to the statistics, traditional static signature-based malicious code detection methods have been unable to fully handle this new situation, so a series of intelligent, proactive malicious code detection technologies is needed. The major work of this thesis is reflected in the following areas:

(1) It presents a novel way of performing cluster analysis on malicious code by calculating code similarity. A malicious code clustering system was established by collecting the relevant disassembly data and important static file information.

(2) It proposes first conducting a cluster analysis of malicious code and then creating a malware detection model using this malicious code as the training set. This approach can improve relevance and accuracy, and also improves detection efficiency.

(3) It presents a new intelligent malicious code detection system, which extracts important static information from the normal files and malicious code in the training set and, with the help of machine learning algorithms, establishes an intelligent, fully automated, advanced malicious code detection system.

The system can be divided into three main subsystems. The first is the malicious code clustering system, the second is the malware detection self-learning system, and the third is the malware detection determining system. The malicious code clustering system classifies samples using file code similarity determination technology. The malware detection self-learning system builds a model to generate detection rules. The malware detection determining system determines whether a program is malicious or not. Finally, the tests showed that the malicious code detection system proposed in this thesis was able to detect unknown malicious code.
Keywords/Search Tags: Machine learning, Code similarity, Malware Detection