| According to the spread of malicious software is becoming more and more popular,we want to design a feasible solution to identify the malicious software in the network traffic and make an early warning to improve the security of the network.Without the use of traditional solution of basing on virus signature protection.We try to use of machine learning and big data solutions for effectively identify malicious software.This paper is purposed to design a system building plan,at the same time,it analyzes how to construct the classification model,which features are adopted,and the model with good accuracy can be put into practical application.The architecture design of the system is mainly based on the existing open source system— metron,and the whole system model is designed by the structure of distributed and stream processing.Considering real-time processing and batch processing.Model reference to the competition of Microsoft malware classification in kaggle,select some good characteristics to construct the model and improve the research,this paper selects ten types of features are extracted and selected random forests and xgboost two classification models.Trained to construct,by comparison,for large data in xgboost,with good accuracy.Finally,we use some existing open source software to design a small example to simulate the whole process of the system to determine the feasibility of the system design.Information on the use of existing machine learning methods to construct malware analysis system are poor.In order to reduce the malicious software misinformation rate,this paper has certain research value and practical significance.That is conducive to the development of future network security and traffic monitoring system construction. |
PDF Full Text Request