
Malicious Code Recognition Method Based On Dynamic Taint Analysis And Neural Network

Posted on: 2017-10-03, Degree: Master, Type: Thesis
Country: China, Candidate: Y B Hu, Full Text: PDF
GTID: 2348330518470764, Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of the Internet, computer networks have brought more convenience to human life than ever before. At the same time, network security incidents occur more and more frequently, and malicious code attacks are increasingly prominent, posing a great threat to the security of private data. To ensure the runtime safety of our computers, a reasonable and efficient malicious code recognition method is urgently needed. However, traditional malicious code recognition methods mainly adopt only one of dynamic analysis and static analysis, so relatively few features of the malicious code are extracted and the result cannot guarantee high accuracy and a low false negative rate at the same time. Among dynamic analysis techniques, dynamic taint analysis is widely studied because it can obtain real behavior features. Among static analysis techniques, the BP neural network is also widely used to identify malicious code because of its strong classification ability. Therefore, a malicious code recognition method based on dynamic taint analysis and neural network is proposed.

Firstly, traditional malicious code recognition based on dynamic taint analysis produces a huge number of malicious code behavior dependency graphs, and the matching process is time-consuming. To solve this problem, a malicious code behavior dependency graph mining method based on the maximal frequent subgraph algorithm SPIN is proposed. The method applies the maximal frequent subgraph mining algorithm SPIN to the malicious code behavior dependency graphs and obtains the most significant common features of malicious code from the same family without losing the malicious code behavior features, which reduces the number of behavior dependency graphs and improves recognition efficiency.

Secondly, traditional recognition methods based on either static analysis or dynamic analysis extract relatively few features, and a recognition method based on dynamic taint analysis can only analyze a single execution path of the malicious code in one execution. To solve these problems, a malicious code recognition method based on dynamic taint analysis and neural network is proposed. On the basis of dynamic taint analysis, the model is combined with static analysis, which extracts the static features, and then uses the neural network to classify. The model extracts not only dynamic semantics layer features but also static features from the malicious code file, including file structure layer features, instruction layer features, and static semantics layer features. It can analyze all execution paths of the malicious code and can therefore describe the malicious code accurately.

Finally, simulation experiments are performed on the malicious code recognition method based on dynamic taint analysis and neural network. The experimental results show that, compared with the traditional malicious code recognition method based on dynamic taint analysis, the proposed dynamic taint analysis method with the maximal frequent subgraph mining algorithm improves recognition efficiency. Compared with traditional malicious code analysis methods that use a single analysis technique, the malicious code recognition method based on dynamic taint analysis and neural network achieves an excellent recognition accuracy rate and false negative rate.
Keywords/Search Tags: Malicious code recognition, Dynamic taint analysis, Neural network, Behavior dependency graph, Maximal frequent subgraph mining