Research On Malware Detection Method Based On Deep Learning

Posted on: 2021-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: Z R Ren
GTID: 2428330626460377
Subject: Computer Science and Technology
Abstract/Summary:

With the rapid development of computer network technology, intelligent electronic products such as computers and mobile phones have been integrated into all aspects of people's production and life. At the same time, driven by profit, malware has gradually spawned a huge black industry chain, which seriously threatens the security and privacy of computer network users. Windows and Android, as the leading players in the global computer and mobile phone operating system markets, have also attracted the malware industry chain, which has led to explosive growth in the number and types of Windows and Android malware in recent years. Traditional detection methods, however, have difficulty adapting to this explosive growth of malware and its variants. In recent years, deep learning has achieved tremendous breakthroughs in computer vision, speech recognition, and natural language processing, and has also provided a new perspective for research on malware detection. Building efficient, intelligent malware detection methods on the rich research results of deep learning has therefore become an important research topic in the field of cyber security.

For Windows malware, a novel end-to-end malware detection method has been proposed that does not require the participation of security experts. It operates directly on the original malware by training a deep learning model named MalConv, and achieves a detection accuracy of 94%. However, it has been shown that models based on deep learning are vulnerable to adversarial examples, that is, attackers can make subtle changes to malware to avoid detection by the model. Targeting MalConv, this paper first explores the security vulnerabilities of the model in depth, and proposes two novel white-box attack methods and a novel black-box attack method. Against the trained model, one of the white-box attack methods achieves a success rate of 99%. Without prior knowledge of the exact structure and internal parameters of the detector, the proposed black-box method still achieves a success rate of 73%. Secondly, this paper considers adversarial training as a defensive method for resisting adversarial examples. While proving the effectiveness of adversarial training, this paper also analyzes its security risk, namely that a large number of adversarial examples can poison the training dataset of the victim model. Finally, this paper also proposes a defense method that rejects adversarial samples. Experiments show that the method can effectively improve the security and efficiency of malware detection.

For Android malware, although deep learning-based detection methods continue to emerge, most of them require a great deal of time and effort from malware experts to complete feature engineering, which makes them difficult to apply to detection across massive volumes of Android malware. This paper proposes two end-to-end Android malware detection methods based on deep learning. Compared with existing detection methods, the proposed methods have the advantage of an end-to-end learning process. This paper first preprocesses the DEX files of Android software into fixed-length sequences. Secondly, this paper proposes two deep learning models to detect the preprocessed sequences. Finally, this paper trains and evaluates these two models on a dataset containing 8K benign samples and 8K malicious samples. Experiments show that the proposed methods achieve 93.4% and 95.8% detection accuracy respectively. Compared with existing methods, the proposed methods are not limited by input file size, require no manual feature engineering, and have low resource consumption, so they are more suitable for deployment on lightweight Android devices.
Keywords/Search Tags:Malware Detection, Deep Learning, Adversarial Examples, Convolutional Neural Networks