Research On Malware Classification Method Based On Deep Learning

With the development of malware detection technique at home and abroad,malware is becoming more advanced and alert.Due to the emergence of anti-detection techniques such as code obfuscation and distortion,malware authors can quickly obtain malware variants,making traditional malware static detection techniques based on fixed features difficult to meet the current mass malware detection needs,and the detection effect is also severely limited.In order to cope with the risk assessment and detection requirements of a large number of malware,this thesis proposes an efficient detection method which based on traditional static detection techniques that can meet the needs of a large number of malware detection: Based on the principle of information entropy,it solves the problem that the static features of malware are redundantly dependent on manual selection;Using deep learning to solve the problem that traditional methods of feature processing cost too much which severely limits the detection efficiency and difficultly deal with the code obfuscation and other related techniques.It could achieve a reliable detection accuracy while ensuring high detection efficiency.The main work of this thesis is as follows:1.Aiming at the problem that feature selection in traditional malware static detection methods which depends on artificial experience,an effective feature selection method is proposed.This thesis disassembles software samples on the windows platform,and applies the principle of information entropy to filter the opcode sequence features extracted by the N-gram method,then we get the key features.2.Aiming at the problem that the features after de-redundancy still have high dimensions and processing costs,an efficient method for feature processing is proposed.In this thesis,the high-dimensional feature vectors are modeled and learned based on the deep learning method “Stacked Denoising Autoencoder”,and then the low-dimensional and high-representation "signature" features are obtained,which greatly reduces the cost of feature processing and has strong generalization ability.3.Aiming at the problem that the malware detection process is complicated and the functions are scattered,this thesis integrates feature extraction,filtering,processing,and detection,designs and implements a fully automatic detection system,making the detection process more efficient and concise.