
Research And Implementation Of Windows Malware Detection Technology

Posted on: 2022-10-12
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Qiu
Full Text: PDF
GTID: 2518306338985129
Subject: Computer technology

Abstract/Summary:
In this era of information networks, more and more malicious software poses a serious threat to security, and detecting malware attacks in a timely and effective manner has become particularly important. Because of the serious damage and threat it poses to the security of the Internet and computing devices, malware detection has attracted the attention of the anti-malware industry and researchers for decades. Increasingly sophisticated malware requires new defense technologies to detect and combat novel attacks and threats. Artificial intelligence and deep learning also provide new technologies for Windows malware detection. However, existing detection technology still has some problems:

1) The features obtained from PE file parsing are not mined sufficiently. Parsing a PE file generates a large number of features, including general file information, APIs, file header information, export functions, and so on. However, most detection models analyze only a few of these features and do not take into consideration the relationships between PE files.

2) Faced with a large number of PE file features, most researchers choose only individual features based on common sense and semantic understanding, without systematically using feature selection algorithms for optimal feature selection.

To address the two issues raised above, this paper optimizes the HIN-based (heterogeneous information network) malware detection model and proposes improvements to the feature selection of PE file features. The main content of this paper includes:

(1) The PE file is studied thoroughly, along with all the features that can be obtained by analyzing it. The characteristics related to detecting maliciousness are screened out as the attribute features. For the various relational features of PE files, this paper uses a feature modeling method based on heterogeneous graphs. Heterogeneous graphs are highly flexible for modeling relational features across multiple node and edge types, and using them also makes feature extraction from PE files more comprehensive. This paper constructs an attributed heterogeneous graph containing five meta-paths, which comprehensively covers the complex semantic information of PE files. Test experiments show that the model solves the problems of insufficient PE file feature mining and of relational features not being considered, and improves the accuracy of the detection model.

(2) For the large number of PE file attribute features, this paper carries out feature selection work. Based on the advantages and disadvantages of existing feature selection algorithms, this paper makes certain improvements to them. Using a feature selection algorithm that combines Filter and Wrapper methods, the optimal feature subset based on the Ember data set is obtained.

(3) A web-based malware detection system for Windows is designed and implemented. Using the model proposed in this paper as the detection engine of the system makes the proposed model more practical.
Keywords/Search Tags:Windows malware detection, heterogeneous information network, feature selection, deep learning