Research And Implementation Of Malware Variant Detection Method Based On Deep Neural Network

Posted on: 2020-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: B W Sun
GTID: 2428330572972276
Subject: Information security
Abstract/Summary:
With the innovation of Internet technology, the transmission of malware has increased, and as a consequence the types and quantities of malware have exploded. Driven by huge illicit income, malware authors use sophisticated methods such as packing, obfuscation and polymorphism to generate malware variants in order to avoid detection by anti-virus engines. With attackers and defenders holding unequal information and an endless stream of malware variants to face, how to accurately and efficiently identify and classify malware variants has become an important research topic for protecting network security. Most current research on malware variant detection uses feature-extraction-based methods to extract features from malware's bytecode, assembly code, PE structure or dynamic execution results, and uses various machine learning algorithms to classify malware families. These methods can easily and intuitively mine malicious behavior patterns, but in the face of complex anti-detection techniques such as packing, obfuscation, anti-sandbox and deformation, it is hard for them to identify and classify malware variants in time. With the development of deep learning, using deep neural networks to identify malware variants efficiently and accurately has become a research trend. This paper is devoted to the detection of malware variants using deep neural network technology. The research results of this paper consist mainly of the following three parts.

Firstly, a malware variant detection method based on a malware imaging scheme is proposed. To address the problems that the data dimension is single and the file size is uncontrollable in the traditional malware imaging scheme, this paper proposes a malware image enhancement scheme based on assembly structure and continuous visible characters, and truncates malware based on file structure. Finally, the malware is converted to an image in RGB format. Next, this paper uses DenseNet, an ImageNet champion model, to train on malware images, and extracts high-dimensional feature patterns through deep convolutional neural networks to complete the detection of malware variants.

Secondly, a malware variant detection method based on malware serialization is proposed. To address the difficulty of effectively modeling large-scale software execution sequences, and the low detection accuracy and inefficiency of the traditional malware dynamic detection method, this paper transforms the API execution sequence into word vectors and proposes an improved TextCNN algorithm, using dilated convolution and K-max pooling to expand the local receptive field of the API sequence. These methods significantly improve efficiency while preserving sufficient local correlation, so that the algorithm can effectively mine malware variant behavior patterns from a large amount of redundant sequence information, thus completing the malware variant detection.

Thirdly, a malware variant detection system is proposed. In order to verify the effectiveness of the two methods proposed in this paper, the malware variant detection system was designed and implemented, and the overall design and module details of the system are described.

Finally, this paper uses three public datasets to test the system, which achieves a static detection accuracy of 99.57% on the Malimg dataset and a dynamic detection accuracy of 92.06% on the Alibaba Cloud dataset. This is a significant improvement over other publicly available solutions on these datasets. The fusion model of the two schemes has also achieved good migration detection results on the real sample dataset VirusShare. The results of multiple experiments show that the proposed deep neural network-based malicious code variant detection scheme can effectively improve the detection rate and recognition rate of malware variants.
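The two operations named in the second method, dilated convolution and K-max pooling over an embedded API sequence, are illustrated below as an added example; it is not code from the thesis and does not reproduce its improved TextCNN. The API vocabulary, the trace, the one-hot vectors standing in for learned word vectors, and the filter weights are all constructed assumptions.

```python
# Added illustration, not the thesis's code. Vocabulary, trace and filter
# weights are constructed; one-hot vectors stand in for learned word vectors.
VOCAB = ["Sleep", "ReadFile", "WriteFile", "RegSetValue"]

def embed(api):
    """One-hot vector for an API name (stand-in for a trained embedding)."""
    return [1.0 if api == name else 0.0 for name in VOCAB]

def receptive_field(kernel_size, dilation):
    """Number of sequence positions one filter output depends on."""
    return (kernel_size - 1) * dilation + 1

def dilated_conv1d(seq, kernel, dilation):
    """Valid 1-D convolution whose taps are `dilation` positions apart."""
    span = receptive_field(len(kernel), dilation)
    out = []
    for start in range(len(seq) - span + 1):
        acc = 0.0
        for tap, weights in enumerate(kernel):
            vec = seq[start + tap * dilation]
            acc += sum(w * x for w, x in zip(weights, vec))
        out.append(acc)
    return out

def k_max_pool(values, k):
    """Keep the k largest activations in their original sequence order."""
    top = sorted(range(len(values)), key=lambda i: values[i], reverse=True)[:k]
    return [values[i] for i in sorted(top)]

# Constructed trace: three calls of interest interleaved with redundant Sleep calls.
TRACE = ["Sleep", "ReadFile", "Sleep", "WriteFile", "Sleep",
         "RegSetValue", "Sleep", "ReadFile", "Sleep", "WriteFile"]
# Constructed 3-tap filter responding to ReadFile, WriteFile, RegSetValue in order.
KERNEL = [embed("ReadFile"), embed("WriteFile"), embed("RegSetValue")]

def features(trace, dilation, k=2):
    """Embed the trace, apply the dilated filter, then k-max pool."""
    conv = dilated_conv1d([embed(a) for a in trace], KERNEL, dilation)
    return k_max_pool(conv, k)

if __name__ == "__main__":
    for d in (1, 2):
        print(f"dilation={d} receptive_field={receptive_field(3, d)} "
              f"features={features(TRACE, d)}")
```

With dilation 1 the three-tap filter never sees all three calls at once, so no activation exceeds 1.0; with dilation 2 the same three weights cover five positions and produce a full match of 3.0.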
Keywords/Search Tags:deep neural network, malware, variant detection, code visualization