
Research And Implementation Of Malware Classification Based On Deep Learning

Posted on: 2020-07-25
Degree: Master
Type: Thesis
Country: China
Candidate: F S Jiang
GTID: 2428330572472216
Subject: Computer technology
Abstract/Summary:
With the rapid development of the Internet, malware has grown rapidly in both variety and volume, and the large number of virus variants has made it increasingly difficult to detect malware based on fixed features. There is much related research on the automatic detection of malicious samples, but current static detection methods have limitations against malicious samples that use system call obfuscation techniques. Existing dynamic detection methods mainly extract features from only part of the dynamic call sequence, which limits the accuracy of the detection result.

In this paper, based on dynamic behavior analysis of malware, a redundant information preprocessing algorithm is proposed. Building on this, a model based on a bi-directional residual recurrent neural network is designed and implemented; we use its ability to process time series data to detect sequences directly. This paper also proposes a new sequence feature extraction method based on system call association analysis, which analyzes the functional relationships among the system call dependencies in the sequence. We then extract features from the sequences and use random forests for detection. At the end of the paper, we try to integrate the two methods. The experimental results show that both methods can effectively detect malicious samples, and after integration the AUC (Area Under the ROC Curve) of the combined model reached 0.99.

Based on an existing open source system, this paper designs and implements an intelligent malware detection system that can automatically intercept network traffic, capture files in the Local Area Network, and submit the files to the system for detection. The final report contains the detection result produced by the combined machine learning and deep learning model proposed in this paper.

We also propose several optimization methods for malware detection systems, addressing problems we found in the experiments. These include generating malicious samples with Generative Adversarial Networks, to address the difficulty of collecting malicious samples, and a potential malware sequence search algorithm, which uses model explainability technology to derive the feature patterns that play a key role in malicious sample classification, to help improve existing malicious sample analysis and forensics techniques.
Keywords/Search Tags:Computer Virus Protection, Malware Classification, Machine Learning, Deep Learning, Call Sequence