
Multi-task Classification Technology Based On Feature Fusion And Threat Evaluation Of Malware

Posted on: 2019-08-10, Degree: Master, Type: Thesis
Country: China, Candidate: W Shi
GTID: 2428330566470952, Subject: Software engineering
Abstract/Summary:
With the development and popularization of the Internet, network security has become more and more important. Malware is one of the major threats to network security, and the analysis and detection of malware is an important research direction in the field. On the one hand, malicious code uses obfuscation, metamorphism, and other techniques to continuously generate new malware variants, so effective detection and classification of malicious code can improve the security of the computer. On the other hand, effective assessment of the threat posed by malicious code provides an important basis for the corresponding prevention work. Dynamic analysis techniques can reliably detect malicious code that uses encryption, packing, polymorphism, and metamorphism. Static analysis can traverse all possible execution paths in a malware sample. This thesis combines dynamic and static analysis to extract several types of features from each sample, explores the fusion of multiple features, and studies how to handle the malicious code detection problem and the malicious code family classification problem in a single classifier. In addition, to address the limitations of current threat assessment of malicious code, a threat assessment method based on information fusion is proposed. The main work of the thesis includes:

1) A multi-task malicious code classification system based on a Deep Neural Network is designed and implemented. Using neural networks for the detection and classification of malicious code is currently the main trend. Both tasks follow the same analysis steps: extracting features, selecting features, and building a classifier through neural network training. They differ only in the classifier's output: detection outputs one of two classes, a normal program or a malicious program, while classification outputs the family the malicious code belongs to. The two problems can therefore share feature extraction, feature selection, and classifier training; by configuring the output layer, one neural network can handle both the detection problem and the family classification problem.

2) A feature fusion method based on stepwise regression analysis is presented. Current models that use multiple features for malicious code detection or family classification do not analyze the degree of fusion between features. As a result, combining multiple features often fails to improve accuracy while making the computation more complex and increasing time and space consumption. This thesis applies the idea of stepwise regression analysis to explore the degree of fusion between features and select the best feature set.

3) A malware threat assessment method is proposed. Common malicious code assessment methods are not comprehensive enough in their evaluation indicators, and the content of the assessment is not rich enough. In addition, the techniques used by malicious code keep advancing, while traditional assessment methods have certain limitations. This thesis analyzes and summarizes the types of malicious code, the techniques commonly used by malicious code authors, and their development trends, and proposes seven indicators for evaluating the threat of malicious code: destruction, diffusion, concealment, anti-detection, self-protection, self-startup, and resource consumption. The indicator evaluation system extracts various types of characteristic information from malicious code, uses information fusion methods to determine the threat value of each indicator, and effectively evaluates the threat of the malicious code.

We test the multi-task classification model and the threat assessment method separately. The tests verify the accuracy and effectiveness of the model and the method.
Keywords/Search Tags: malware detection, malware family classification, feature fusion, index system, threat assessment
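The feature-fusion idea in item 2 can be illustrated with a greedy forward selection over feature groups. This is an added example, not code from the thesis: the abstract does not specify its stepwise procedure, so a leave-one-out nearest-neighbour accuracy score stands in for the regression criterion, and the group names, family labels, data and `min_gain` threshold are all constructed assumptions.

```python
# Constructed toy data (not from the thesis): one integer feature per group,
# two samples for each of three hypothetical families A, B, C.
LABELS = ["A", "A", "B", "B", "C", "C"]
GROUPS = {
    "opcode_ngrams": [0, 1, 5, 10, 20, 21],   # static
    "api_calls":     [0, 1, 10, 12, 11, 13],  # dynamic
    "pe_imports":    [0, 1, 3, 12, 11, 13],   # static; first B sample is packed
    "string_stats":  [7, 3, 3, 7, 7, 3],      # uninformative
}

def loo_accuracy(groups):
    """Leave-one-out 1-nearest-neighbour accuracy on the fused feature vector."""
    if not groups:
        return 0.0
    vecs = [[GROUPS[g][i] for g in groups] for i in range(len(LABELS))]
    hits = 0
    for i, v in enumerate(vecs):
        def dist(j):
            return sum((a - b) ** 2 for a, b in zip(v, vecs[j]))
        nearest = min((j for j in range(len(vecs)) if j != i), key=dist)
        hits += LABELS[nearest] == LABELS[i]
    return hits / len(LABELS)

def forward_select(min_gain=0.05):
    """Add the group with the best fused accuracy; stop when the gain is below min_gain."""
    selected, score, trace = [], 0.0, []
    remaining = list(GROUPS)
    while remaining:
        best = max(remaining, key=lambda g: loo_accuracy(selected + [g]))
        new_score = loo_accuracy(selected + [best])
        if new_score - score < min_gain:
            break  # more features would add cost without adding accuracy
        selected.append(best)
        remaining.remove(best)
        score = new_score
        trace.append((best, round(score, 3)))
    return selected, trace

if __name__ == "__main__":
    print(forward_select())
```

On this data the static opcode group is chosen first, the dynamic API group fixes the one remaining error, and the other two groups are rejected because fusing them adds computation without improving accuracy.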