Research On Malware Classification Based On Image Texture Features

The rapid development of the Internet leads to the explosive growth of various information,but this brings cybersecurity risks in the new environment.In order to reduce cybersecurity risks,the classification detection method capable of generalized detection of malware shows its necessity in the network.Malware users usually use complex confusing techniques such as adding shell and deformation to avoid the risk of antivirus software.How to efficiently and accurately identify and classify malware has become an important research content in order to protect network security.Most of the current research on malware detection uses feature extraction based methods to extract features from malware's PE structure,assembly code or dynamic execution results,and use various machine learning algorithms to classify malware families.Malware has a strong symbiosis,and is usually named in the form of family when researching.There is a lot in common for malware of the same family,so identifying the families of malware has important research significance for malware detection.Deep learning technology has been widely used in classification and recognition.It has become a new research direction of malicious code detection by combining malicious code visualization with neural network training.The main research results of this thesis are as follows:Firstly,a malware detection method based on image texture fingerprint feature and deep learning is proposed.This method models the binary files of malware in the data set as grayscale images.Aiming at the problem that the file size is uncontrollable and more interference information in the traditional malware imaging scheme,a method of extracting fingerprint feature image from malware based on gray co-occurrence matrix is proposed.The unsynchronized long extended sample size was selected,the fingerprint feature image was used as the input data set,and the classification training was carried out in the machine learning algorithm model for malware detection.Secondly,a malware detection method based on multi-classifier fusion is proposed.In this paper,the random forest classifier,the k-means classifier and the neural network classifier based on the image texture fingerprint are adopted.Using fuzzy integral as fusion operator.Multiple classifiers are combined and the fusion classifier is used to detect the malware.Experiments show that the multi classifier fusion of malware classification through fusion integral,compared with single classifier,has a certain improvement effect.Finally,the public data set adopted in this paper is the data set used in Microsoft's 2015 malware classification competition.Experimental results show that the method based on image texture can effectively improve the recognition rate and recall rate of malware,and achieve good results in the generalization test.