Research On Malicious Code Detection Based On Generative Adversarial Network

With the rapid development of Internet information technology,big data analysis and artificial intelligence technology are driving our lives more convenient.However,the behavior of malicious code threats is gradually increasing.According to statistics,Android malicious code increased by 17.6% in 2017 compared with 2016,and this data will continue to grow,so the detection of malicious code is intensifying.Based on the malicious code detection idea of the generative adversarial network(GAN),it is to obtain the "true" sample distribution that satisfies the characteristics of the real malicious code data and can deceive the discriminator to achieve the defense against malicious code attacks and improve malicious code detection.Firstly,a new Android malicious code APK to image texture feature extraction segmentation method is proposed,which is called “texture segment self-growth texture segmentation algorithm”.Secondly,tensor singular value decomposition based on the low-tubal rank realizes the uniformity of images of different sizes into a fixed third-order tensor,which is input into the neural network for training and learning.Finally,a flexible malicious App detection model based on GAN with code tensor(malicious tensor flexible detection,MTFD-GAN)is proposed.A malicious code detection model based on GAN,which is oriented to the processing of code tensors and input into a malicious code detector for detection.The experiment used a data set widely used for malicious code detection and analysis-Drebin,which contains 5,560 files from 179 different malware families.The experiment extracted 2000 data with obvious feature types for testing.The experimental results show that the proposed model can generally surpass the traditional malicious code detection model,with a maximum improvement efficiency of 41.6% and a minimum of 1.31%.At the same time,the newly generated samples of the GAN network generator greatly enrich the sample diversity.And retraining malicious code detector can effectively improve the detection efficiency of traditional models and improve the robustness of the model.