
Research On A Novel Adaptive Anti-obfuscation Model For Detecting Malicious Code

Posted on: 2019-02-03
Degree: Master
Type: Thesis
Country: China
Candidate: L H Wang
GTID: 2428330593450394
Subject: Computer Science and Technology
Abstract/Summary:
With the large-scale spread of Internet technology, the threat level of malicious code is constantly rising, which poses a great threat to people's personal privacy and economic interests. In the latest round of malicious code attacks, malicious code has not only grown explosively in quantity, but the continuous upgrading of obfuscation techniques has also produced a large number of malicious code variants. The new variants are more confusing and contagious, and pose a huge threat to people's information security.

Variant malicious code programs are mostly generated from an original malicious code family. Therefore, most malicious code detection systems use machine learning algorithms to detect variant malicious code. However, the effectiveness of machine learning algorithms depends on the timeliness of the feature extraction algorithms used. As malicious code obfuscation technology is upgraded ever faster, the timeliness of feature extraction algorithms is difficult to guarantee. As a result, a machine learning-based malicious code detection system can maintain its detection accuracy only by constantly switching to new feature extraction algorithms. Otherwise, new variants of malicious code can easily bypass the system's detection mechanism.

At present, most research on malicious code prevention has focused on updating feature extraction algorithms, and research on improving the timeliness of feature extraction algorithms is still insufficient. This dissertation addresses the problem that feature extraction algorithms in malicious code detection systems are prone to failure, and proposes an adaptive anti-alias feature cleaning model. It also proposes an inverted pyramid multi-layer filter model to address the performance problems of large-scale malicious code detection. The main contributions of this dissertation are:

1) An adaptive anti-alias feature cleaning model is proposed. This model addresses the problem that n-gram feature extraction algorithms are easily confused. The confusion thresholds in different malicious code samples can be calculated dynamically in order to eliminate confusion features. In addition, the model can adaptively increase the proportion of excellent features in the feature database as the input sample set changes.

2) A filter-based detection model based on deep learning is proposed. This model uses a convolutional neural network architecture to identify malicious code image data. Depending on the filtering parameters set, the model can filter and clean massive malicious code data at different granularities. In addition, the model uses a distributed cluster architecture, which makes it possible to update the model quickly and maintain its filtering effect.

3) An inverted pyramid multi-layer filter model is implemented. The detection model is divided into three layers: a filter layer, a feature extraction layer and a detection layer.

Based on the massive malicious code sample library provided by Microsoft, this dissertation validates each part of the model. In 5000 malicious code sample detection tasks, the final detection accuracy of the model is up to 97.85%, while the fastest detection time can be kept within 26 minutes. Experimental results show that each module in the inverted pyramid multi-layer filter model works normally. Researchers can adjust the parameters of the detection system according to the actual task requirements, so that the different requirements of detection tasks can be met.
Keywords/Search Tags: malicious code, anti-aliasing technology, big data, deep learning