
Research On Malicious Process Recognition Technology Based On Memory Mirror Analysis

Posted on: 2020-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y W Zhang
GTID: 2428330572483549
Subject: Communication and Information System
Abstract/Summary:
With the continuous development of network technology, people's real life and the network are gradually becoming integrated. The development of the Internet has also led to the use of malicious programs to deceive users or steal property. Therefore, the identification and detection of malicious programs is becoming more and more important. Machine learning algorithms are widely used in malicious program recognition, but the accuracy of malicious program recognition based on this kind of algorithm is not very high. Therefore, improving the malicious program recognition algorithm and the accuracy of malicious program recognition has become an urgent problem to be solved.

Based on existing malicious program recognition technology, this paper proposes an improved weighted Bayesian malicious process recognition model based on optimization by the firefly algorithm. Taking the processes extracted from a memory mirror as the research object, we collect the behavior data of each process, including system file behavior, registry behavior, API function invocation behavior and abnormal process operation behavior. We extract the feature keywords from the collected behavior data, count the number of occurrences of each keyword in each sample, establish a keyword feature data set, and normalize and reduce the dimensionality of the data set.

Based on the processed data sets, an improved weighted Bayesian algorithm with parameters is proposed, and the improved weighted Bayesian algorithm is solved using the heuristic firefly algorithm. The weights of sample attributes and classes are searched by iteration of the firefly algorithm. The weights obtained by iteration are brought into the improved weighted Bayesian model to establish an improved malicious process recognition model.

1300 samples were downloaded from the virusshare website, including 1000 malicious samples and 300 benign samples from trojan horse, worm, backdoor and advertising software. The improved weighted Bayesian malicious process recognition model based on optimization by the firefly algorithm is used to detect the 1300 samples. The average accuracy of malicious process recognition is 95.15%. Compared with the naive Bayesian and mutual information weighted Bayesian malicious process recognition methods, the average recognition accuracy is increased by 16.99% and 5.4%, so the improved weighted Bayesian malicious process recognition model optimized by the firefly algorithm has a better recognition effect for the 1300 samples obtained from the website. It can be concluded that the proposed method has higher recognition accuracy than the traditional Bayesian algorithm model for trojan horse, worm, backdoor and advertising software.
Keywords/Search Tags:Memory mirroring, Malicious processes, Firefly algorithm, Classification and recognition