Research On Visual Malware Classification Technology Based On Machine Learning

Posted on: 2021-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: B Bo
GTID: 2428330602479272
Subject: Communication and Information System
Abstract/Summary:
In recent years, with the development and popularization of network technology, global politics, economy, culture, society, ecology, national defense, and other fields have become fully integrated with the Internet. At the same time, the intrusions that cyberspace faces are becoming more and more frequent. Traditional malicious code analysis methods focus on analyzing the internal function call logic or the semantic information in opcode sequences to classify and detect malicious code. This approach requires a lot of manpower and a high level of professionalism from the analyst. With the application, development and maturity of artificial intelligence technology in other fields, exploring the application of machine learning methods in the field of network security is a very important research topic. This dissertation adopts code visualization technology to display malicious code samples in the form of grayscale images. On this basis, it proposes an improved method for classifying malicious code based on a transfer-learning Faster-rcnn network. The convolutional neural network in the Faster-rcnn network extracts global features of the malicious code image, which are deeper features than the local texture features extracted by the LBP algorithm and the Gist algorithm. Transfer learning, a machine learning method, is used to directly migrate the low-level parameters that represent common features in a pre-trained network model to the malicious code classification model, fine-tuning the high-level network parameters that focus on contributing to the target dataset, in order to accelerate the convergence of the malicious code classification model during training. A new objective function is also built to solve the problem that classification accounts for a low proportion because the regression error is large when the RPN network generates a candidate suggestion box for the text section of the malicious code image. This enables the network to adjust to the optimal parameters during back-propagation, thereby improving classification accuracy and further realizing the classification of visualized malicious code. Malicious samples from six malicious code families were collected and two experiments were conducted. Comparing the experimental results before and after transfer learning, the dissertation compares the speed of model convergence, accuracy, detection rate, and false alarm rate. The experimental results show that the proposed method can accelerate the model's convergence and achieve good classification results on the sample data set used in the experiment. The method is also compared with other methods for visualized malicious code classification. The experimental results show that the method proposed in the dissertation can achieve effective classification of malicious code.
Keywords/Search Tags:Visualized malicious code, Faster-rcnn network, Transfer learning, Malicious code family classification