Research On Malware Variants Detection Method Based On Feature Fusion

Posted on: 2022-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: J B Mai
Full Text: PDF
GTID: 2518306488992619
Subject: Computer Science and Technology

Abstract/Summary:
With the popularity of the Internet, increasingly frequent malware attacks have become one of the most serious threats in network security protection. Among them, malware variants produced by modification techniques such as obfuscation and packing are the biggest challenge for malware detection. They not only cause serious damage to the information privacy of individual users, but also pose a huge threat to national network security. Therefore, we must find an effective solution to the security problems caused by malware variants. In recent years, researchers at home and abroad have done a lot of work in the field of malware detection, but most of this work still has problems: shallow features are easily disturbed by obfuscation techniques, or a single type of feature cannot fully describe the malware. To solve these problems, this paper proposes a series of intelligent detection methods for malware variants after fully investigating the features of malware variants and their families from different views. The main contents of this paper are as follows:

(1) Aiming at the problem that traditional detection methods based on shallow feature matching are easily disturbed by obfuscation techniques, this paper proposes a malware variant detection method based on a decomposed deep convolutional network (dec-dcnn) for optimization. In this method, gray image texture information is used as the detection feature, and the global nature of that texture information is used to improve the model's resistance to obfuscation techniques. In addition, to solve the problem of the high computational overhead of detection with a deep convolutional network, this paper proposes a convolution optimization method based on the dec-dcnn network, which not only retains the detection accuracy of the original pre-trained network, but also effectively reduces the computational resource consumption of deep convolution without retraining. Experimental results show that, compared with the current mainstream visual detection models for malicious code, the proposed method has stronger expressive ability and faster detection speed for the texture features of malware images.

(2) Traditional malware detection methods focus on only a single type of feature and cannot represent malware at the global level. This paper designs and implements a malware variant detection method based on the fusion of different kinds of features. The method uses dec-dcnn and information gain (IG) to extract image texture information and important opcode combinations from the malware gray image and assembly code, respectively, and uses them to construct a fusion feature space. Because different kinds of features describe the global and local information of malware from different dimensions, constructing a fusion feature space can effectively improve the ability to describe malware variant information. Experimental results show that, compared with single-type feature detection methods, the proposed method has better detection performance for malware variants.
Keywords/Search Tags:Multi feature fusion, Decomposing deep convolution network, Information Gain, Malware variant detection
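
The information-gain half of the fusion step in (2), as an added sketch that is not code from the thesis: it ranks opcode combinations by IG over labelled samples and appends their presence bits to a texture vector. Assumptions: "opcode combination" is taken to mean an opcode bigram, fusion is plain concatenation, the texture vector stands in for the dec-dcnn output, and the opcode traces are constructed.

```python
import math
from collections import Counter

# Constructed opcode traces: (opcodes, label), 1 = malware variant, 0 = benign.
SAMPLES = [
    (["push", "mov", "xor", "xor", "jmp"], 1),
    (["mov", "xor", "xor", "call", "ret"], 1),
    (["push", "mov", "call", "ret"], 0),
    (["push", "mov", "add", "call", "ret"], 0),
]

def bigrams(ops):
    """Set of adjacent opcode pairs in one disassembled sample."""
    return set(zip(ops, ops[1:]))

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(samples, gram):
    """IG(Y; gram present) = H(Y) - H(Y | gram present or absent)."""
    labels = [y for _, y in samples]
    present = [y for ops, y in samples if gram in bigrams(ops)]
    absent = [y for ops, y in samples if gram not in bigrams(ops)]
    n = len(labels)
    conditional = (len(present) / n) * entropy(present) \
                + (len(absent) / n) * entropy(absent)
    return entropy(labels) - conditional

def select_top_k(samples, k):
    """The k bigrams with highest IG; ties broken lexicographically."""
    vocab = set().union(*(bigrams(ops) for ops, _ in samples))
    ranked = sorted(vocab, key=lambda g: (-information_gain(samples, g), g))
    return ranked[:k]

def fuse(texture_vec, ops, selected):
    """Concatenate an image-texture vector (assumed to come from the CNN)
    with binary presence features for the IG-selected bigrams."""
    present = bigrams(ops)
    return list(texture_vec) + [1.0 if g in present else 0.0 for g in selected]

if __name__ == "__main__":
    top = select_top_k(SAMPLES, 2)
    print(top)
    print(fuse([0.2, 0.7], ["mov", "xor", "xor", "ret"], top))
```
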