Research On Malware Detection Method Based On Deep Learning

With the rapid development of the Internet era,the number of malware has reached an unprecedented peak,and malware is seriously threatening global network security.Due to the dramatic changes in the number of malware and attack techniques,traditional malware detection does not solve this problem well.Therefore,the research of new malware detection algorithms has become one of the important areas of concern for scholars at home and abroad.This paper chooses worms and Android malware,which are two kinds of malware that have a serious impact on the network security environment.Firstly,the traditional signature-based worm detection method relies on manual extraction of the signature.This paper proposes a worm detection method based on deep learning,which includes a new worm detection algorithm,CNN-based worm detection method and a new worm signature generation method,DNNLM-based worm signature automatic generation method.In the CNN-based worm detection method,three different data preprocessing methods are proposed: frequency processing,frequency weighted processing and differential processing.The pre-processed data is trained using the CNN model and the unknown payload is predicted.In the DNNLM-based worm signature automatic generation method,the worm payload and the corresponding signature are used as training data,and the DNNLM algorithm is used to train the model.The worm payload of the unknown signature is input into the trained DNNLM model,and then the new proposed The Signature Beam Search algorithm automatically generates the corresponding worm signature.The experimental results show that the method can accurately detect the worm payload and generate accurate worm signatures.The generated worm signatures have lower false negative rate and false positive rate.Secondly,this paper proposes an Android malware detection method based on GRU.This method uses the static features of Android malware(sensitive function call sequences and Intents)as training data.Because of the similarity between sensitive function calls,this paper uses the text similarity theory to improve the GRU structure,and thus obtains three different structures of InputGRU,HiddenGRU and InputHiddenGRU.Based on different GRU structures,this paper implements a GRU-based Android malware detection model,AndroGRU.The experimental results show that using the sensitive function call sequence and Intents as the training data,the Android malware detection based on the AndroGRU model of HiddenGRU is the best.In general,by analyzing the difference between the worm payload dataset and the Android malware dataset,this paper implements a worm detection method based on deep learning and an Android malware detection method based on GRU,which can detect malware in a targeted manner.