
Research On Technologies Of Malware Detection Based On Support Vector Machine

Posted on: 2016-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Y Ou
GTID: 2308330470960368
Subject: Computer technology
Abstract/Summary:
As the annual security reports of well-known domestic and foreign information security companies, Internet companies, and national security agencies in recent years show, even as the mobile Internet and the Internet of Things attract growing attention, traditional viruses and Trojans remain rampant on the Windows operating system; the number of malicious programs is still exploding, and the PC infection rate is still rising. Faced with such a massive amount of malicious software and a grim Internet security situation, traditional scanning based on static signatures can no longer meet current information security requirements. Malware detection systems based on software behavior are prone to producing large numbers of false positives and false negatives, and have some impact on system performance. To address the low classification accuracy of systems that analyze malware behavior, this paper proposes a malware classification method based on the Support Vector Machine (SVM). Feature vectors of malware are defined using a combination of static and dynamic characteristics. First, a malware characteristics library was established manually, using the results of software behavior as behavioral characteristics and using structural information, obtained by analyzing the differences between normal PE software and malware, to derive the static characteristics that make up malware signatures. All software behaviors and static information were then captured and matched against the malware characteristics library, and the matching results were converted by a conversion algorithm into samples suitable for SVM training. For the selection of the SVM model, kernel function, and parameters (C, g), this paper, after theoretical analysis, used a method combining grid search and a Genetic Algorithm (GA) for the optimization search.
To verify the effectiveness of the proposed malware classification method, a malware detection system based on the SVM classification model was designed. The experiments show that the system's false positive rate and false negative rate are better than those of K-Nearest Neighbor (KNN), Naive Bayes (NB), and BP neural network; the method has lower false negative and false positive rates. Building on the SVM-based model and combining it with the KNN algorithm, a new improved malware detection method based on an SVM-KNN model is proposed. The comparative experiment shows that, whether the training samples are balanced or unbalanced in distribution, the improved SVM-KNN classification model can effectively improve malware classification accuracy and detection efficiency.
Keywords/Search Tags:Support vector machine, Malware, SVM-KNN, Software behavior, Static characteristic