Research On Detection Technology Of Malicious Code Family Based On Deep Learning

Posted on: 2022-03-06
Degree: Master
Type: Thesis
Country: China
Candidate: G D Wang
GTID: 2518306482965749
Subject: Cyberspace security law enforcement technology
Abstract/Summary:
The Internet is developing rapidly. As a major threat to cyberspace security, malicious code is growing at a rapid rate, and most of it is generated by mutating members of an original family. Detecting malicious code families makes it possible to classify malicious code rapidly and to carry out targeted detection and prevention. This thesis proposes a malware family detection technology based on deep learning. The main research contents are as follows:

1. Collection and preprocessing of malicious code family data. The data set for this experiment includes a total of 14846 malicious code samples from 11 families. After collection, the malicious code samples are preprocessed by unpacking to filter out factors that interfere with the classification of malicious code families.

2. Visualization of the characteristics of malicious code families. The malicious code family feature visualization technology combines the PE view, byte view, and assembly view of the malicious code, uses the bilinear interpolation algorithm to solve the problem of three-channel image information fusion, and generates an RGB three-channel image of the malicious code family characteristics, which describes the family characteristics of malicious code more comprehensively.

3. Two deep-learning-based malicious code family detection and classification models are constructed: the CNN-BiLSTM model and the ResNet18-Attention model. The CNN in the CNN-BiLSTM model can learn deep features of the malicious code RGB image that general machine learning algorithms cannot learn, and the BiLSTM can relate the preceding and following features of the malicious code. The residual network (ResNet) in the ResNet18-Attention model can increase the number of convolutional layers and learn deeper features. The attention mechanism can take global features into account, extract the family features of malicious code more comprehensively, and improve the accuracy of model classification and detection.

To verify the effectiveness of the malicious code visualization technology and the deep learning classification models proposed in this thesis, comparative experiments are conducted on various control variables without changing the operating environment. The experimental results show that the ResNet18-Attention model, classifying the RGB images generated by the malicious code family feature visualization technology, obtains an accuracy of 97%, which proves that this model is effective in detecting malicious code families. In contrast, although the overall performance of the CNN-BiLSTM model is not as good as that of the ResNet18-Attention model, its classification and detection time is shorter, which proves that this model has certain advantages in computational complexity and classification speed.
Keywords/Search Tags:Malicious code, Deep Learning, Family, Classification, Visualization
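Added example (not code from the thesis): a minimal sketch of the three-channel fusion described in item 2, where each view is laid out as a grayscale grid, resized to a common size with bilinear interpolation, and stacked as the R, G and B channels. It assumes each view has already been serialized to bytes; the function names, the near-square layout, the 8x8 output size and the sample bytes are constructed for illustration.

```python
import math

def bytes_to_grid(data):
    """Lay a byte string out as a near-square grid of 0-255 values, zero-padded."""
    width = max(1, math.ceil(math.sqrt(len(data))))
    height = max(1, math.ceil(len(data) / width))
    padded = data.ljust(width * height, b"\x00")
    return [list(padded[r * width:(r + 1) * width]) for r in range(height)]

def bilinear_resize(grid, out_h, out_w):
    """Resize a 2-D grid to out_h x out_w using bilinear interpolation."""
    in_h, in_w = len(grid), len(grid[0])
    out = []
    for y in range(out_h):
        # Map the output row to a fractional source row (corners aligned).
        sy = y * (in_h - 1) / (out_h - 1) if out_h > 1 else 0.0
        y0 = int(sy)
        y1, fy = min(y0 + 1, in_h - 1), sy - y0
        row = []
        for x in range(out_w):
            sx = x * (in_w - 1) / (out_w - 1) if out_w > 1 else 0.0
            x0 = int(sx)
            x1, fx = min(x0 + 1, in_w - 1), sx - x0
            top = grid[y0][x0] * (1 - fx) + grid[y0][x1] * fx
            bot = grid[y1][x0] * (1 - fx) + grid[y1][x1] * fx
            row.append(round(top * (1 - fy) + bot * fy))
        out.append(row)
    return out

def fuse_views(pe_view, byte_view, asm_view, size=8):
    """Return a size x size image of (R, G, B) tuples, one channel per view."""
    # Views of different lengths give grids of different shapes; resizing
    # each to the same size is what lets them share one image.
    r, g, b = (bilinear_resize(bytes_to_grid(v), size, size)
               for v in (pe_view, byte_view, asm_view))
    return [[(r[y][x], g[y][x], b[y][x]) for x in range(size)] for y in range(size)]

# Constructed sample inputs (not taken from any real sample).
PE_VIEW = bytes([0x4D, 0x5A, 0x90, 0x00] * 4)            # 16 bytes -> 4x4 grid
BYTE_VIEW = bytes(range(0, 250, 10))                     # 25 bytes -> 5x5 grid
ASM_VIEW = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x5D, 0xC3, 0x90])  # 3x3

if __name__ == "__main__":
    image = fuse_views(PE_VIEW, BYTE_VIEW, ASM_VIEW)
    print(len(image), len(image[0]), image[0][0], image[-1][-1])
```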