
Research On Malicious Code Detection Technology Based On Clustering Analysis Of Network Behavior Characteristics

Posted on: 2019-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2428330548494988
Subject: Computer Science and Technology
Abstract/Summary:
In recent years, with the rapid growth of malicious code, network information security has faced unprecedented threats. Traditional malicious code detection technology can detect malicious code to a certain extent, but it still depends on manual feature analysis. In addition, malicious code can evade detection by easily changing the content and flow characteristics of its packets. Therefore, a more accurate and efficient means of detecting malicious code attacks is needed.

First, this paper proposes a Malicious code Feature Analysis Model based on Network Behavior (MFAM-NB). We analyze the network behavior extracted from network traces and network equipment and identify four kinds of network behavior characteristics: active behavior, fault behavior, network scanning behavior and page behavior. The MFAM-NB framework is then used to extract these network behavior features in preparation for the subsequent malicious code detection.

Second, this paper proposes a malicious code detection algorithm based on PSO-KM cluster analysis, which addresses the problem that the traditional k-Means algorithm is sensitive to an improperly chosen initial center, leading to inaccurate detection results. The algorithm normalizes the feature values, uses a fitness function to judge the quality of each particle, and updates the current optimal solution and the global optimal solution through continuous iteration. After the algorithm converges, the global optimal position is inherited as the initial center and the k-Means algorithm is run to obtain the clustering result. A comparison of accuracy and execution efficiency shows that the PSO-KM algorithm proposed in this paper inherits the global search ability of the PSO algorithm while maintaining the fast search ability of the k-Means algorithm, and therefore has certain advantages.

Third, this paper proposes a malicious code detection algorithm based on k-Means cluster analysis with adaptive weights (AW-MMKM), which addresses the problem that the k-Means algorithm is too time-consuming on large-volume feature sets. This algorithm adaptively assigns the weight of each cluster by computing the sum of squared errors within a small batch. The weighted distance is taken as the basis for reassigning instances, and the parameters of the weighted distance in the objective function are optimized, thus reducing the computation time while ensuring the maximum separation between classes. A comparison of accuracy and execution efficiency shows that the AW-MMKM algorithm proposed in this paper is faster and more accurate on large-volume feature sets.

Finally, this paper compares the PSO-KM and AW-MMKM algorithms. The experimental results show that PSO-KM is suitable for malicious code detection in small networks with higher accuracy requirements and smaller data volumes, while AW-MMKM is suitable for malicious code detection in large networks with less demanding accuracy requirements but larger data volumes.
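The PSO-KM procedure described above, as an added illustration that is not code from the thesis: particles are candidate centroid sets scored by within-cluster sum of squared errors, the standard inertia/cognitive/social PSO update is assumed, and the global best seeds an ordinary k-Means run. The feature vectors are constructed sample data, not the thesis's network behavior features.

```python
import numpy as np

def sse(X, centers):
    """Fitness: total within-cluster sum of squared errors for a candidate centroid set."""
    d = ((X[:, None, :] - centers[None, :, :]) ** 2).sum(-1)
    return d.min(1).sum()

def kmeans(X, centers, iters=20):
    """Plain k-Means from given initial centers; returns (centers, labels, sse)."""
    for _ in range(iters):
        labels = ((X[:, None, :] - centers[None, :, :]) ** 2).sum(-1).argmin(1)
        new = np.array([X[labels == j].mean(0) if np.any(labels == j) else centers[j]
                        for j in range(len(centers))])  # keep an empty cluster's old center
        if np.allclose(new, centers):
            break
        centers = new
    return centers, labels, sse(X, centers)

def pso_kmeans(X, k, n_particles=10, pso_iters=30, w=0.7, c1=1.5, c2=1.5, seed=0):
    """PSO-KM: each particle is a candidate set of k centroids; PSO picks the initial centers."""
    rng = np.random.default_rng(seed)
    lo, hi = X.min(0), X.max(0)
    Xn = (X - lo) / np.where(hi > lo, hi - lo, 1.0)   # normalise features to [0, 1]
    n = len(Xn)
    pos = Xn[rng.choice(n, size=(n_particles, k))]     # (P, k, d), seeded from data points
    vel = np.zeros_like(pos)
    pbest, pbest_fit = pos.copy(), np.array([sse(Xn, p) for p in pos])
    g = pbest_fit.argmin()
    gbest, gbest_fit = pbest[g].copy(), pbest_fit[g]
    for _ in range(pso_iters):
        r1, r2 = rng.random(pos.shape), rng.random(pos.shape)
        vel = w * vel + c1 * r1 * (pbest - pos) + c2 * r2 * (gbest - pos)
        pos = np.clip(pos + vel, 0.0, 1.0)
        fit = np.array([sse(Xn, p) for p in pos])
        better = fit < pbest_fit                        # update personal bests
        pbest[better], pbest_fit[better] = pos[better], fit[better]
        g = pbest_fit.argmin()                          # update global best
        if pbest_fit[g] < gbest_fit:
            gbest, gbest_fit = pbest[g].copy(), pbest_fit[g]
    # after PSO converges, inherit the global best position and finish with k-Means
    _, labels, final_sse = kmeans(Xn, gbest.copy())
    return labels, final_sse

def demo():
    """Constructed sample: two separated groups of 3-dimensional behaviour feature vectors."""
    rng = np.random.default_rng(1)
    X = np.vstack([rng.normal([2, 2, 2], 0.3, size=(30, 3)),
                   rng.normal([8, 1, 9], 0.3, size=(30, 3))])
    return pso_kmeans(X, k=2)
```

Because the fitness is the same objective k-Means minimizes, a poorly seeded particle (both centroids inside one group) scores badly and is displaced by the swarm before k-Means runs.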
Keywords/Search Tags: malicious code, network behavior, traffic characteristics, cluster analysis