
Research On Deep Learning Based Malware Classification Technology

Posted on: 2021-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: H X Liu
Full Text: PDF
GTID: 2428330647957220
Subject: Computer software and theory
Abstract/Summary:
In recent years, cyber threats have intensified: the number of new malware samples has reached 370,000 every day and is still rising. The accuracy and efficiency of static detection in traditional malware detection systems need to be improved. As a result, a large number of samples require dynamic detection, and the computing resources and time required have multiplied. It is therefore necessary to improve traditional malware classification technology, raising the accuracy and efficiency of static detection of malware and reducing the dynamic detection burden, so that the malware detection system works efficiently enough to cope with the growing volume of large-scale malware.

This paper surveys the current state of research on malware classification technology and identifies the main problem at present: feature vectors cannot effectively characterize malware. After investigating related technologies such as feature extraction, NLP, deep learning, and clustering, it proposes using static API call sequences as malware behavior features and the GloVe word vector model for their vectorized representation. Classification with the improved textCNN network improves accuracy by 1.51%-3.76%. The improved single-pass incremental clustering model solves the problem of too many iterations and repeated calculations in traditional clustering, and greatly improves malware clustering efficiency.

The innovation of this paper is to introduce the concept of word vectors to improve feature extraction and vectorization technology, preserving the semantic and timing relationships of API calls in the feature vector so that malware is effectively described at the level of behavior. Both the classification network and the clustering model have been improved accordingly to improve the accuracy and efficiency of static detection in malware classification. Through the research of this thesis, a prototype system is designed and implemented, which effectively improves the accuracy of the static detection of malicious code, thereby improving the working efficiency of the malware detection system, and laying a foundation for further dominating the network security field.
Keywords/Search Tags: malware, word vector, CNN, incremental clustering