
Research On The Main Technologies In Malware Code Detection

Posted on: 2013-05-23
Degree: Master
Type: Thesis
Country: China
Candidate: L Chen
GTID: 2248330395990407
Subject: Computer software and theory
Abstract/Summary:
With the deep penetration of information technology and the fast development of the Internet, the computer has undoubtedly brought great convenience to people’s lives and changed the way we work. However, it has also brought computer viruses, which cause increasingly serious information security problems. Although many kinds of anti-virus software have already been adopted in commercial use, most of them rely on traditional signature-based malicious code detection. This method can detect a virus only after its signature has been obtained. This leaves a large gap in malicious code detection: anti-virus software cannot deal with new viruses, and computer users are under threat from them at any time. Therefore, how to detect unknown malicious code has become a focus of the information security field. This paper, based on research into machine learning and regularization theory as applied to malicious code detection, studies in depth two important processes: malicious feature representation and malicious feature selection. The paper develops along the following four aspects:

(1) Research on methods of Malicious Feature Representation. According to the differences in the theory and the granularity of feature representation, this paper makes a deep study of the present Malicious Feature Representation methods and groups them into three categories: those based on n-Sequence, OPCode, Block-Based and Behavior-Based.

(2) Research on Malicious Feature Selection methods. The paper makes a systematic analysis of Malicious Feature Selection. Malicious Feature Selection is the second process of malicious code feature detection, and an appropriate feature selection method can enhance the accuracy of the classifier. This paper makes a systematic summary of some present feature selection methods, including Information Gain, CHI, Document Frequency, Term Contribution, Entropy-based ranking and F-score.

(3) Comparison and contrast of the efficiency of Malicious Feature Selection methods. Given that different feature selection methods have different effects on malicious code detection, the paper adopts n-gram and OpCode to extract the features of the samples, selects features using the feature selection methods summarized above, trains the classifier on the selected features, and finally analyzes how the features selected by each method contribute to the efficiency of the malicious code classifier.

(4) A proposed One-Class Support Vector Machine based on Regularization. The traditional single-class method is based on unsupervised learning theory and does not make use of the labeled samples that exist in the field of malicious code detection. Starting from the traditional single-class support vector machine, and according to the different regularization applied to unlabeled samples by the two-class support vector machine and the traditional single-class support vector machine, the paper constructs a single-class classification learning machine that both preserves the classification performance of the original single-class support vector machine and takes full advantage of the unlabeled samples to improve its performance. Although the resulting problem is a mixed-integer optimization problem of considerable complexity, the paper proposes an approximation algorithm for fast solution, and experiments on simulated data sets and on the malicious code data set have verified the performance of the classifier.
Keywords/Search Tags: Malicious Code Detection, Feature Representation, Feature Selection, Regularization Method, One-Class Classification