| In recent years,the development of computer technology and the popularity of the Internet have greatly facilitated various production and living activities,but the lack of security awareness has also provided necessary conditions for the emergence of malicious code.Malicious code detection has become a hot issue in the security field,but various countermeasure techniques used by malicious code also make detection and analysis very difficult.In the traditional processing process for packer malicious samples,the type and algorithm of the packer are identified first,and then the corresponding unpacking algorithm is used to obtain the original code,which is then analyzed and processed.There are many techniques in this process.Difficult and time consuming.This article hopes to directly detect the original file or code of the packed sample,reducing the time of preprocessing and detection.This paper first implements and verifies the visualization detection scheme in malicious code detection technology,and proposes two improvement schemes based on this: One is to use the machine code obtained by disassembly of the malicious code as the basis for the visualization.A convolutional neural network that performs classification detection based on semantic information can effectively improve its performance on packed samples.Second,the idea of using adversarial samples and generating adversarial networks is used to enhance the previous model,and transfer learning is used to improve the training speed and accuracy of the model,which can also improve its detection accuracy on packed samples.At the end of this article,the two schemes are discussed,analyzed and compared,and the applicable scope and improvement schemes of the respective schemes are discussed.The work proposed in this paper aims to provide an automated detection scheme for packed malicious samples without unpacking them,improve the efficiency and accuracy of detection,and provide new ideas for the detection of packed malicious samples. |
PDF Full Text Request