Malware Classification And Visualization Based On Behavior Analysis

Posted on: 2016-11-06
Degree: Master
Type: Thesis
Country: China
Candidate: B Wang
Full Text: PDF
GTID: 2298330467479060
Subject: Information security
Abstract/Summary:
The rapid development of the Internet has brought people a great deal of convenience, but network information security problems have also cropped up more and more. Malicious code is a major factor endangering network security: the surge in the types and quantity of malicious code not only causes economic losses for ordinary users but has also begun to threaten national security. This paper studies behavior analysis of malicious code from the perspective of classification, and uses visualization technology to assist the analysis of malicious code.

Currently, most behavior-based studies of malicious code dynamically monitor the code and extract malware behavior features from that monitoring. This paper approaches malware behavior analysis from a different angle: it processes malware behavior analysis reports, which simplifies the work of extracting behavior features, and then uses the processed report results to classify malicious code and to visualize its behavior.

(1) Samples of malicious code are collected with honeypot technology and spam traps, then analyzed by an automatic analysis platform, which generates detailed analysis reports. We then process these reports with several data processing methods to simplify the original behavior analysis reports, turning the originally bloated text data into corresponding simple numbers. This can greatly reduce the consumption of storage and CPU resources.

(2) Malicious code is classified into groups according to the processed behavior analysis reports. In the classification experiment we use a support vector machine optimized with a particle swarm algorithm. The results show that the method has good classification performance with a small sample size and can match or exceed methods that use traditional behavioral characteristics.

(3) This paper also visualizes malicious code behavior from the reports. The visualization uses the treemap method and implements the slice-and-dice treemap layout algorithm. Combining visualization technology with malicious code analysis helps malware analysts quickly understand the behavior patterns of malicious code and assists malicious code classification.
Keywords/Search Tags: Malicious Code, Conduct Data Processing, Classification, Visualization
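
The slice-and-dice treemap layout named in item (3), as an added example that is not code from the thesis: each level of a behavior hierarchy cuts its rectangle into strips proportional to event counts, alternating the cut direction with depth. The report structure, category names and counts are constructed assumptions.

```python
# Slice-and-dice treemap layout over a behavior-report hierarchy.
# REPORT is constructed sample data: category/operation names and event
# counts are assumptions, not values from the thesis.
REPORT = {
    "file": {"create": 30, "write": 10},
    "registry": {"set_value": 40},
    "network": {"dns_query": 5, "tcp_connect": 15},
}


def weight(node):
    """A leaf weighs its event count; an inner node weighs the sum of its children."""
    if isinstance(node, dict):
        return sum(weight(child) for child in node.values())
    return node


def slice_and_dice(name, node, x, y, w, h, depth=0):
    """Return [(path, x, y, w, h)] for every leaf of the hierarchy.

    Even depths cut the rectangle along x (children side by side), odd depths
    cut along y (children stacked); each strip is proportional to its weight.
    """
    total = weight(node)
    if not isinstance(node, dict) or total == 0:
        return [(name, x, y, w, h)]
    rects, offset = [], 0.0
    for child_name, child in node.items():
        if weight(child) == 0:
            continue  # nothing to draw for a behavior that never occurred
        share = weight(child) / total
        path = f"{name}/{child_name}"
        if depth % 2 == 0:
            rects += slice_and_dice(path, child, x + offset, y, w * share, h, depth + 1)
            offset += w * share
        else:
            rects += slice_and_dice(path, child, x, y + offset, w, h * share, depth + 1)
            offset += h * share
    return rects


def layout_report(report=REPORT, width=100.0, height=100.0):
    """Lay out one sample's report inside a width x height canvas."""
    return slice_and_dice("sample", report, 0.0, 0.0, width, height)


if __name__ == "__main__":
    for path, x, y, w, h in layout_report():
        print(f"{path:28s} x={x:6.2f} y={y:6.2f} w={w:6.2f} h={h:6.2f}")
```

On the 100 x 100 canvas each leaf's area equals its event count times 100, so two samples with similar behavior mixes produce visibly similar tilings.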