Malicious Code Detection Based On Opcode Behavior Deep Learning

Posted on: 2014-05-12 | Degree: Master | Type: Thesis
Country: China | Candidate: C Chen
GTID: 2298330422990416 | Subject: Computer Science and Technology
Abstract/Summary:
With the spread of networks and continuing advances in computer technology, computer information security now faces a serious threat, and malicious code is the primary means of attack. The growing volume and continuing technical development of malicious code not only inconvenience daily life but also cause huge economic losses to individuals and businesses, and some malicious code can even harm national information security. As malicious code detection and anti-detection techniques continue to develop against each other, the growing number of malicious code samples brings enormous pressure and challenges to analysts.

This thesis studies malicious code detection based on deep belief networks, which use a semi-supervised learning approach. First, a large number of unlabeled samples are used as the training set; then a small number of samples are used for feedback fine-tuning of the network weights. The method first checks for a shell and performs shell processing, then uses the n-gram algorithm to extract opcode sequence features, selects features using information gain and document frequency, and finally uses the deep belief network for classification. In the experiments, the results were evaluated on three indicators (correct rate, false positive rate and false negative rate) by varying the number of selected features and by comparison with other methods. Comparison and analysis of the experimental results show that the proposed method achieved very good results.

The malicious code detection model based on deep belief networks consists of three modules: the data preprocessing module, the opcode feature extraction module and the deep belief network module, of which the deep belief network is the main module. The deep belief network module is implemented through three specific procedures: restricted Boltzmann machine adjustment, feedback adjustment of the deep belief network, and error back-propagation feedback adjustment.

Restricted Boltzmann machine adjustment is a bottom-up process between the layers, which initializes the weights of the whole deep model. Deep belief network feedback adjustment first identifies the bottom-up model transformation and then the top-down model transformation; through continuous adjustment between the different levels, the generated model can reconstruct the original sample with lower error and thus captures the nature of the sample, namely the highest-level abstract representation of the deep model. Error back-propagation feedback adjustment compares the output with the original class labels and uses the BP algorithm on the resulting error to fine-tune the network weights.
Keywords/Search Tags:opcode, malicious code detection, deep learning, deep belief networks
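
The opcode feature extraction and selection steps the abstract describes (n-gram extraction, then document-frequency and information-gain selection) can be sketched as follows. This is an added example, not code from the thesis: the opcode sequences are constructed, the function names and thresholds are hypothetical, and it stops at the binary feature vector that would be fed to the classifier (shell processing and the deep belief network itself are not shown).

```python
import math
from collections import Counter

# Constructed sample data: (label, opcode sequence); 1 = malicious, 0 = benign.
SAMPLES = [
    (1, ["push", "mov", "xor", "call", "xor", "call", "jmp"]),
    (1, ["mov", "xor", "call", "pop", "xor", "call", "ret"]),
    (1, ["push", "xor", "call", "mov", "add", "jmp"]),
    (0, ["push", "mov", "add", "cmp", "jne", "ret"]),
    (0, ["push", "mov", "cmp", "jne", "add", "pop", "ret"]),
    (0, ["mov", "add", "cmp", "jne", "call", "ret"]),
]

def ngrams(opcodes, n):
    """Set of opcode n-grams present in one sample (presence, not count)."""
    return {tuple(opcodes[i:i + n]) for i in range(len(opcodes) - n + 1)}

def entropy(pos, total):
    """Binary entropy in bits of a set with `pos` malicious out of `total`."""
    if total == 0 or pos in (0, total):
        return 0.0
    p = pos / total
    return -p * math.log2(p) - (1 - p) * math.log2(1 - p)

def select_features(samples, n=2, min_df=2, top_k=4):
    """Return [(ngram, document_frequency, information_gain)], best first."""
    docs = [(label, ngrams(ops, n)) for label, ops in samples]
    total = len(docs)
    total_pos = sum(label for label, _ in docs)
    df = Counter(g for _, grams in docs for g in grams)
    scored = []
    for gram, count in df.items():
        if count < min_df:  # document-frequency filter: drop rare n-grams
            continue
        pos_with = sum(label for label, grams in docs if gram in grams)
        absent, pos_without = total - count, total_pos - pos_with
        # IG = H(class) - sum over present/absent of P(v) * H(class | v)
        cond = (count / total) * entropy(pos_with, count) \
            + (absent / total) * entropy(pos_without, absent)
        scored.append((gram, count, entropy(total_pos, total) - cond))
    scored.sort(key=lambda t: (-t[2], -t[1], t[0]))  # deterministic ties
    return scored[:top_k]

def to_vector(opcodes, features, n=2):
    """Binary feature vector for one sample, in selected-feature order."""
    present = ngrams(opcodes, n)
    return [1 if gram in present else 0 for gram, _, _ in features]
```

On the constructed data, `xor call` and `cmp jne` each separate the two classes completely (information gain 1.0), while `call ret`, which appears equally in both classes, scores 0 and is not selected.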