Malware Detection Based On Convolutional Neural Network And Hardware Features

Detection of malicious programs(i.e.,malwares)is a great challenge due to increasing amount and variety of attacks.Traditional malware detection ways,which based on static signature verification,have been unable to deal with the escalating attacks,so researchers are paying more attention on dynamic real-time ways.Recent works have shown that machine learning,especially neural network,performs well in malware detection.In this thesis,convolutional neural network(CNN)is used to build the malware classification model.This thesis proposed a new malware detection method based on convolutional neural network and hardware features.Different from other works,this work uses hardware events to generate the feature image of programs.Software features,like branch,jump and system call,can be covered by coding,but it's hard to change hardware features.In this work,184 types of hardware events were chosen as features by analyzing the attacking behavior of malware.The features are converted to feature images latter.CNN is trained with kinds of data sizes and kernel sizes,and evaluate the result by the area under a receiver operating characteristics(ROC)curve(AUC).The results show the proposed classification model can achieve AUC = 0.9973 in best case.Moreover,by comparison with other CNNs trained with software-based features,it is indicated that the proposed model has higher accuracy than the other ones.