Malware Detection Based On Deep Learning

Posted on: 2021-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Liu
GTID: 2428330614971362
Subject: Electronic and communication engineering

Abstract/Summary:
In recent years, malicious code and cyber attacks have become frequent and increasingly harmful, and new threats keep emerging. These increasingly serious cybersecurity problems not only cause enterprises huge economic losses but also pose a serious threat to national security. Faced with the rapid turnover and explosive growth of malicious code, traditional detection methods are becoming increasingly weak, and achieving accurate and efficient malicious code detection has become the focus of current network security.

This thesis first summarizes the current state of research on malicious code at home and abroad. Most current convolutional neural network methods for malicious code classification have too many parameters and require too much computation. To address this, a malicious code detection method based on the lightweight convolutional neural network ShuffleNet is proposed, using the image texture features of malicious code. Grayscale images are used to extract and describe texture features, a ShuffleNet model is built and trained to learn deeper texture features, and a softmax classifier assigns each malicious code sample to the family it belongs to. The experimental results show that the classification accuracy of the model reaches 98.54%. A variety of shallow machine learning models are set up as a control group, and the comparison shows that the method outperforms the shallow machine learning methods in classifying malicious code families.

Next, a malicious code classification method based on the Gated Recurrent Unit (GRU) is proposed to address the problem that manual feature engineering in traditional malicious code classification methods cannot extract the deep features of malicious code. The opcode sequence is extracted from the disassembled .ASM file and represented with the N-gram algorithm, and the processed opcode vector feature space is used to train the GRU model, which automatically extracts the deeper features of the opcodes and performs family classification of the malicious code. The experimental results show that the classification accuracy of the model reaches 98.57%, which is significantly better than the traditional machine learning method.

Finally, a feature fusion approach for classifying malicious code families is proposed. Opcode features and texture features are combined, the fused feature data is used to train the ShuffleNet model, and the model's parameters are tuned and optimized to improve the generalization of malicious code family classification. The experimental results show that the classification accuracy of the model reaches 99.73%. Comparing the accuracy of single features with that of the fused features shows that the feature fusion method has good classification performance, and comparing accuracy and parameter counts with other methods based on Convolutional Neural Networks (CNN) shows that the model is superior to other convolutional neural network models.
Keywords/Search Tags:malicious code classification, opcode, grayscale image texture
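
The opcode N-gram step described in the abstract, as an added example that is not code from the thesis: it pulls mnemonics out of a disassembled .ASM listing and encodes them as a fixed-length N-gram id sequence suitable as input to a recurrent model such as a GRU. The IDA-style line layout, the use of bigrams, the PAD/OOV id scheme and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample; the IDA-style "section:address bytes mnemonic" layout is an assumption.
SAMPLE_ASM = """\
.text:00401000 55                push    ebp
.text:00401001 8B EC             mov     ebp, esp
.text:00401003 83 EC 08          sub     esp, 8
.text:00401006 50                push    eax
.text:00401007 8B 45 08          mov     eax, [ebp+8]
.text:0040100A E8 11 00 00 00    call    sub_401020
.text:0040100F 58                pop     eax
.text:00401010 8B E5             mov     esp, ebp
.text:00401012 5D                pop     ebp
.text:00401013 C3                retn
.data:00402000 41 42 43          db 'ABC'
"""
# Code-section line: address, one or more hex bytes, then the mnemonic.
LINE_RE = re.compile(r"^\.text:[0-9A-Fa-f]{8}\s+(?:[0-9A-Fa-f]{2}\s+)+([a-z][a-z0-9]*)\b")
DATA_DIRECTIVES = {"db", "dw", "dd", "dq", "align"}  # data and padding, not instructions
PAD, OOV = 0, 1  # reserved ids (assumed encoding, not from the thesis)

def extract_opcodes(asm_text):
    """Return instruction mnemonics in file order, skipping data and non-code sections."""
    ops = []
    for line in asm_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) not in DATA_DIRECTIVES:
            ops.append(m.group(1))
    return ops

def ngrams(seq, n):
    """Sliding window of n consecutive opcodes; empty when the sample is shorter than n."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]

def build_vocab(corpus, n, top_k):
    """Map the top_k most frequent n-grams in the training corpus to ids 2..top_k+1."""
    counts = Counter(g for ops in corpus for g in ngrams(ops, n))
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))  # deterministic ties
    return {gram: i + 2 for i, (gram, _) in enumerate(ranked[:top_k])}

def encode(ops, vocab, n, max_len):
    """Fixed-length id sequence: unseen n-grams become OOV, short samples are padded."""
    ids = [vocab.get(g, OOV) for g in ngrams(ops, n)][:max_len]
    return ids + [PAD] * (max_len - len(ids))

if __name__ == "__main__":
    ops = extract_opcodes(SAMPLE_ASM)
    vocab = build_vocab([ops], n=2, top_k=3)
    print(encode(ops, vocab, n=2, max_len=12))
```

The vocabulary should be built from training samples only, so that N-grams first seen at test time map to OOV instead of leaking into the feature space.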